Skip to main content

SUSE Linux Kernel Multiple Vulnerabilities

Last Update Date: 6 Feb 2025 Release Date: 13 Jan 2025 3512 Views

RISK: Medium Risk

TYPE: Operating Systems - Linux

TYPE: Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

Note:

CVE-2017-1000253 is being exploited in the wild. An unprivileged local user with access to SUID PIE binary (or otherwise privileged) could use this exploit to escalate their privileges on the system.

 

CVE-2024-53104 is being exploited in the wild. Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege. Since the exploitation requires physical connection to malicious hardware, the risk level remains Medium. 

 

[Updated on 2025-01-16]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-17]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-20]

Updated Description, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-21]

Updated Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-23]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-27]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-01-28]

Updated Solutions, Vulnerability Identifier and Related Links

 

[Updated on 2025-02-06]

Updated Description, Source and Related Links


Impact

  • Remote Code Execution
  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass
  • Elevation of Privilege

System / Technologies affected

  • Basesystem Module 15-SP6
  • Development Tools Module 15-SP6
  • Legacy Module 15-SP6
  • openSUSE Leap 15.3
  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • Public Cloud Module 15-SP5
  • Public Cloud Module 15-SP6
  • SUSE Enterprise Storage 7.1
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise High Availability Extension 12 SP5
  • SUSE Linux Enterprise High Availability Extension 15 SP3
  • SUSE Linux Enterprise High Availability Extension 15 SP4
  • SUSE Linux Enterprise High Availability Extension 15 SP5
  • SUSE Linux Enterprise High Availability Extension 15 SP6
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Live Patching 15-SP3
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Micro for Rancher 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server 12 SP5 LTSS
  • SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
  • SUSE Linux Enterprise Server 15 SP3 LTSS
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP4 LTSS
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP5 LTSS
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Enterprise Workstation Extension 15 SP6
  • SUSE Manager Proxy 4.2
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.2
  • SUSE Manager Server 4.3
  • SUSE Real Time Module 15-SP6

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link