SUSE update for the Linux Kernel



Risk Medium
Patch available YES
Number of vulnerabilities 137
CVE-ID CVE-2021-4460
CVE-2022-43945
CVE-2022-48631
CVE-2022-50236
CVE-2022-50249
CVE-2022-50280
CVE-2022-50293
CVE-2022-50327
CVE-2022-50350
CVE-2022-50356
CVE-2022-50367
CVE-2022-50394
CVE-2022-50395
CVE-2022-50423
CVE-2022-50443
CVE-2022-50459
CVE-2022-50470
CVE-2022-50481
CVE-2022-50485
CVE-2022-50487
CVE-2022-50493
CVE-2022-50496
CVE-2022-50501
CVE-2022-50504
CVE-2022-50505
CVE-2022-50509
CVE-2022-50516
CVE-2022-50532
CVE-2022-50534
CVE-2022-50536
CVE-2022-50537
CVE-2022-50542
CVE-2022-50544
CVE-2022-50549
CVE-2022-50563
CVE-2022-50564
CVE-2022-50571
CVE-2022-50581
CVE-2023-53183
CVE-2023-53185
CVE-2023-53188
CVE-2023-53191
CVE-2023-53204
CVE-2023-53271
CVE-2023-53282
CVE-2023-53289
CVE-2023-53292
CVE-2023-53338
CVE-2023-53339
CVE-2023-53373
CVE-2023-53433
CVE-2023-53476
CVE-2023-53477
CVE-2023-53484
CVE-2023-53517
CVE-2023-53519
CVE-2023-53533
CVE-2023-53540
CVE-2023-53548
CVE-2023-53556
CVE-2023-53559
CVE-2023-53564
CVE-2023-53568
CVE-2023-53582
CVE-2023-53587
CVE-2023-53589
CVE-2023-53593
CVE-2023-53594
CVE-2023-53596
CVE-2023-53603
CVE-2023-53604
CVE-2023-53611
CVE-2023-53615
CVE-2023-53619
CVE-2023-53620
CVE-2023-53622
CVE-2023-53624
CVE-2023-53635
CVE-2023-53644
CVE-2023-53647
CVE-2023-53648
CVE-2023-53650
CVE-2023-53667
CVE-2023-53668
CVE-2023-53672
CVE-2023-53675
CVE-2023-53681
CVE-2023-53683
CVE-2023-53687
CVE-2023-53695
CVE-2023-53696
CVE-2023-53705
CVE-2023-53707
CVE-2023-53715
CVE-2023-53717
CVE-2023-53722
CVE-2023-53733
CVE-2023-7324
CVE-2024-56633
CVE-2025-38539
CVE-2025-38680
CVE-2025-38691
CVE-2025-38695
CVE-2025-38699
CVE-2025-38700
CVE-2025-38714
CVE-2025-38718
CVE-2025-38724
CVE-2025-39676
CVE-2025-39702
CVE-2025-39724
CVE-2025-39756
CVE-2025-39772
CVE-2025-39812
CVE-2025-39813
CVE-2025-39841
CVE-2025-39866
CVE-2025-39876
CVE-2025-39911
CVE-2025-39923
CVE-2025-39929
CVE-2025-39931
CVE-2025-39945
CVE-2025-39949
CVE-2025-39955
CVE-2025-39968
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39997
CVE-2025-40018
CVE-2025-40044
CVE-2025-40049
CVE-2025-40078
CVE-2025-40082
CVE-2025-40088
CWE-ID CWE-682
CWE-119
CWE-667
CWE-665
CWE-401
CWE-476
CWE-416
CWE-125
CWE-404
CWE-20
CWE-399
CWE-617
CWE-835
CWE-388
CWE-362
CWE-908
Exploitation vector Network
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise Server 12 SP5 LTSS Extended
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12 SP5
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

kernel-default-kgraft-devel
Operating systems & Components / Operating system package or component

kernel-default-kgraft
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_280-default
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

kernel-default-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 137 vulnerabilities.

1) Incorrect calculation

EUVDB-ID: #VU116299

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4460

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the set_sched_resources() and initialize_cpsch() functions in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU69766

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send an RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU92033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48631

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Initialization

EUVDB-ID: #VU115560

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50236

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mtk_iommu_isr() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU115353

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50249

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the of_get_ddr_timings() function in drivers/memory/of_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU115443

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50280

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the propagate_one() function in fs/pnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU115594

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50293

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the btrfs_drop_extents() function in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU115438

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_processor_get_lpi_info() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU115690

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50350

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iscsi_target_handle_csg_one() and iscsi_target_start_negotiation() functions in drivers/target/iscsi/iscsi_target_nego.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU115800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50356

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sfb_reset() function in net/sched/sch_sfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU115780

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50367

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_init_always() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU115909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50394

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ismt_access() function in drivers/i2c/busses/i2c-ismt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU115873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50395

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the integrity_init_keyring() function in security/integrity/digsig.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper resource shutdown or release

EUVDB-ID: #VU116340

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50423

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a failure to properly release resources within the acpi_ut_copy_ipackage_to_ipackage() function in drivers/acpi/acpica/utcopy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect calculation

EUVDB-ID: #VU116294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50443

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the rk3288_lvds_poweron() and px30_lvds_poweron() functions in drivers/gpu/drm/rockchip/rockchip_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Incorrect calculation

EUVDB-ID: #VU116288

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50459

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation in drivers/scsi/iscsi_tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU116569

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50470

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xhci_free_virt_device() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU116548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50481

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cxl_guest_init_afu() and cxl_guest_init_adapter() functions in drivers/misc/cxl/guest.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU116568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50485

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the swap_inode_boot_loader() function in fs/ext4/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU116580

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50487

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfsd3_init_dirlist_pages() function in fs/nfsd/nfs3proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU116566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50493

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qla24xx_abort_iocb_timeout() function in drivers/scsi/qla2xxx/qla_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU116519

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the destroy() function in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU116546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50501

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the coda_setup_iram() function in drivers/media/platform/chips-media/coda-bit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU116583

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50504

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the rtas_os_term() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Memory leak

EUVDB-ID: #VU116495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50505

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ppr_notifier() function in drivers/iommu/amd/iommu_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU116794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50509

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the coda_start_encoding() function in drivers/media/platform/chips-media/coda-bit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU116760

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50516

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the send_args() function in fs/dlm/lock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU116715

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50532

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mpt3sas_transport_port_add() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU116805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50534

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __open_metadata() function in drivers/md/dm-thin-metadata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU116758

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50536

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU116714

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50537

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rpi_firmware_probe() function in drivers/firmware/raspberrypi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU116757

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50542

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the si470x_usb_driver_probe() function in drivers/media/radio/si470x/radio-si470x-usb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU116708

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50544

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the xhci_alloc_stream_info() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU116804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50549

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __create_persistent_data_objects(), dm_pool_metadata_close() and __set_abort_with_changes_flags() functions in drivers/md/dm-thin-metadata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU117571

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50563

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __pool_destroy() function in drivers/md/dm-thin.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper Initialization

EUVDB-ID: #VU117605

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50564

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the netiucv_close() function in drivers/s390/net/netiucv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU117596

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50571

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bitmap_clear_bits(), __load_free_space_cache(), load_free_space_cache() and __btrfs_return_cluster_to_free_space() functions in fs/btrfs/free-space-cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU117582

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50581

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hfs_write_inode() function in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Reachable assertion

EUVDB-ID: #VU115507

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53183

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the prepare_to_merge() and merge_reloc_roots() functions in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU115653

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53185

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the htc_process_conn_rsp() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Infinite loop

EUVDB-ID: #VU115551

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53188

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory leak

EUVDB-ID: #VU115340

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53191

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the alpine_msix_init_domains() function in drivers/irqchip/irq-alpine-msi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU115471

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53204

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the unix_inflight(), unix_notinflight() and too_many_unix_fds() functions in net/unix/scm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU115593

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53271

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ubi_resize_volume() function in drivers/mtd/ubi/vmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU115604

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53282

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the lpfc_wr_object() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU115648

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bdisp_probe() function in drivers/media/platform/st/sti/bdisp/bdisp-v4l2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU115649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53292

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the blk_mq_elv_switch_none() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU115779

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53338

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the run_lwt_bpf() and bpf_lwt_xmit_reroute() functions in net/core/lwt_bpf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper error handling

EUVDB-ID: #VU115811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53339

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the btrfs_cancel_balance() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU115898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53373

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seqiv_aead_encrypt_complete2() function in crypto/seqiv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper error handling

EUVDB-ID: #VU115937

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53433

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the packet_parse_headers() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU116379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53476

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the c4iw_fill_res_cm_id_entry() function in drivers/infiniband/hw/cxgb4/restrack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU116372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53477

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rt6_nlmsg_size() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Incorrect calculation

EUVDB-ID: #VU116284

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53484

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the free_irq_cpu_rmap(), irq_cpu_rmap_release() and irq_cpu_rmap_add() functions in lib/cpu_rmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Race condition

EUVDB-ID: #VU116263

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53517

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU116362

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53519

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within include/media/v4l2-mem2mem.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Memory leak

EUVDB-ID: #VU116494

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53533

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rpi_ts_probe() function in drivers/input/touchscreen/raspberrypi-ts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU116598

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53540

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_mlme_auth() and cfg80211_mlme_assoc() functions in net/wireless/mlme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Resource management error

EUVDB-ID: #VU116591

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53548

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU116513

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53556

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iavf_alloc_q_vectors() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU116512

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53559

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vti_tunnel_xmit() function in net/ipv4/ip_vti.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Reachable assertion

EUVDB-ID: #VU116570

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53564

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the __ocfs2_move_extent() function in fs/ocfs2/move_extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Memory leak

EUVDB-ID: #VU116490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53568

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the zcdn_create() function in drivers/s390/crypto/zcrypt_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU116524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53582

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the brcmf_c_preinit_dcmds() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use-after-free

EUVDB-ID: #VU116508

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53587

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rb_free_cpu_buffer() and ring_buffer_free() functions in kernel/trace/ring_buffer.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Input validation error

EUVDB-ID: #VU116565

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53589

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_update_mcc() function in drivers/net/wireless/intel/iwlwifi/mvm/nvm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU116485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53593

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cifs_readpage_worker() function in fs/cifs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU116484

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53594

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the device_add() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Memory leak

EUVDB-ID: #VU116483

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53596

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the device_del() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU116532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53603

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qla24xx_issue_sa_replace_iocb() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Memory leak

EUVDB-ID: #VU116480

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53604

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dm_integrity_init() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Memory leak

EUVDB-ID: #VU116476

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53611

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the try_smi_init() function in drivers/char/ipmi/ipmi_si_intf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU116550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53615

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qlt_free_session_done() and qlt_unreg_sess() functions in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU116754

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53619

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_conntrack_helper_register() and nf_conntrack_helper_fini() functions in net/netfilter/nf_conntrack_helper.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU116803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53620

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the status_resync() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper locking

EUVDB-ID: #VU116802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53622

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gfs2_show_options() function in fs/gfs2/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper locking

EUVDB-ID: #VU116800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53624

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the function in tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Resource management error

EUVDB-ID: #VU116826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53635

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ctnetlink_dump_status() and ctnetlink_create_conntrack() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU116798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_shark_probe() function in drivers/media/radio/radio-shark2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU116780

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53647

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vmbus_acpi_add() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU116779

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53648

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_ac97_mixer() function in sound/pci/ac97/ac97_codec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Memory leak

EUVDB-ID: #VU116696

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53650

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mipid_spi_probe() function in drivers/video/fbdev/omap/lcd_mipid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper locking

EUVDB-ID: #VU116797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53667

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdc_ncm_check_tx_max() and cdc_ncm_fill_tx_frame() functions in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU116796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53668

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_size() function in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU116825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53672

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lookup_inline_extent_backref() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Out-of-bounds read

EUVDB-ID: #VU116763

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53675

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ses_enclosure_data_process() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU116772

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53681

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __bch_btree_node_alloc() function in drivers/md/bcache/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper error handling

EUVDB-ID: #VU116814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53683

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the hfsplus_cat_read_inode() and hfsplus_cat_write_inode() functions in fs/hfsplus/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Memory leak

EUVDB-ID: #VU116687

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53687

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the s3c24xx_serial_getclk() function in drivers/tty/serial/samsung.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Input validation error

EUVDB-ID: #VU117617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53695

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __udf_iget() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Memory leak

EUVDB-ID: #VU117553

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53696

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qla2x00_probe_one() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Out-of-bounds read

EUVDB-ID: #VU117580

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53705

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ipv6_find_tlv() function in net/ipv6/exthdrs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use of uninitialized resource

EUVDB-ID: #VU117599

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53707

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Memory leak

EUVDB-ID: #VU117548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53715

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the brcmf_map_fw_linkdown_reason() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Out-of-bounds read

EUVDB-ID: #VU117578

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53717

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Out-of-bounds read

EUVDB-ID: #VU117579

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raid1_remove_disk() function in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Input validation error

EUVDB-ID: #VU117661

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53733

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the u32_set_parms() and u32_change() functions in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Out-of-bounds read

EUVDB-ID: #VU117795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-7324

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ses_match_host(), ses_process_descriptor() and ses_enclosure_data_process() functions in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU102025

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper locking

EUVDB-ID: #VU114155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38539

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Out-of-bounds read

EUVDB-ID: #VU114816

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38680

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU114803

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext_tree_encode_commit(), ext_tree_prepare_commit() and dprintk() functions in fs/nfs/blocklayout/extent_tree.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU114827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38695

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU114802

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38699

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfad_im_probe() function in drivers/scsi/bfa/bfad_im.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU114823

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38700

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Out-of-bounds read

EUVDB-ID: #VU114811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38714

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the is_bnode_offset_valid(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy() and hfs_bnode_move() functions in fs/hfsplus/bnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU114833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38718

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Use-after-free

EUVDB-ID: #VU114799

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38724

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU114933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39676

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Resource management error

EUVDB-ID: #VU114962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39702

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper error handling

EUVDB-ID: #VU114949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39724

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the serial8250_do_startup() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU115586

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39756

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the alloc_fdtable() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) NULL pointer dereference

EUVDB-ID: #VU115460

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hibmc_load() function in drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Input validation error

EUVDB-ID: #VU115643

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_v6_from_sk() function in net/sctp/ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Resource management error

EUVDB-ID: #VU115599

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39813

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use-after-free

EUVDB-ID: #VU115979

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39841

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_nvmet_defer_rcv() function in drivers/scsi/lpfc/lpfc_nvmet.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU115974

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU116045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39876

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fec_enet_phy_reset_after_clk_enable() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Resource management error

EUVDB-ID: #VU116248

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39911

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper error handling

EUVDB-ID: #VU116244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39923

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bam_dma_probe() function in drivers/dma/qcom/bam_dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU116455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39929

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the smbd_negotiate() function in fs/smb/client/smbdirect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Infinite loop

EUVDB-ID: #VU116473

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39931

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the af_alg_sendmsg() function in crypto/af_alg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Use-after-free

EUVDB-ID: #VU116459

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper error handling

EUVDB-ID: #VU116469

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39949

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Resource management error

EUVDB-ID: #VU116879

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Buffer overflow

EUVDB-ID: #VU117288

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39968

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the i40e_vc_del_cloud_filter() and i40e_vc_add_cloud_filter() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Out-of-bounds read

EUVDB-ID: #VU117267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU117276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU117277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39972

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Input validation error

EUVDB-ID: #VU117274

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39973

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU117254

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_usbmidi_free() function in sound/usb/midi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Use-after-free

EUVDB-ID: #VU117654

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40018

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU117723

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40044

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Use of uninitialized resource

EUVDB-ID: #VU117753

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40049

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource in fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Resource management error

EUVDB-ID: #VU117761

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40078

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sock_addr_is_valid_access() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU117726

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40082

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Out-of-bounds read

EUVDB-ID: #VU117848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40088

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hfsplus_strcasecmp() and hfsplus_strcmp() functions in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-kgraft-devel: before 4.12.14-122.280.1

kernel-default-kgraft: before 4.12.14-122.280.1

kgraft-patch-4_12_14-122_280-default: before 1-8.5.1

kernel-default-devel-debuginfo: before 4.12.14-122.280.1

kernel-default-man: before 4.12.14-122.280.1

kernel-macros: before 4.12.14-122.280.1

kernel-devel: before 4.12.14-122.280.1

kernel-source: before 4.12.14-122.280.1

kernel-default: before 4.12.14-122.280.1

kernel-default-base-debuginfo: before 4.12.14-122.280.1

kernel-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-devel: before 4.12.14-122.280.1

cluster-md-kmp-default: before 4.12.14-122.280.1

dlm-kmp-default: before 4.12.14-122.280.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.280.1

dlm-kmp-default-debuginfo: before 4.12.14-122.280.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

kernel-default-debugsource: before 4.12.14-122.280.1

gfs2-kmp-default: before 4.12.14-122.280.1

kernel-default-base: before 4.12.14-122.280.1

kernel-syms: before 4.12.14-122.280.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.280.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


