SB2024122066 - SUSE update for the Linux Kernel
Published: December 20, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2024-49995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
2) Integer underflow (CVE-ID: CVE-2024-50290)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
3) Resource management error (CVE-ID: CVE-2024-53063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.