Bug 1124055 (CVE-2019-7308)

Summary: VUL-0: CVE-2019-7308: kernel-source: BPF spectre v1 mitigation bypass
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: jcheung, meissner, smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/224076/
Whiteboard: CVSSv3:SUSE:CVE-2019-7308:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-02-02 09:09:25 UTC 
CVE-2019-7308

via oss-sec

I discovered a bypass for the spectre v1 hardening in the eBPF engine
of the Linux kernel (which is exposed to unprivileged userspace since
kernel 4.4).

This is CVE-2019-7308. The issue has been fixed in 4.19.19 and 4.20.6
stable so far.

The main fix is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
, but it depends both on its parent commits and one ancestor that
fixes a new issue introduced by it.

Full bug report is at
<https://bugs.chromium.org/p/project-zero/issues/detail?id=1711>.
Comment 1 Takashi Iwai 2019-02-08 14:06:28 UTC 
Gary, could you care this?
Comment 2 Gary Ching-Pang Lin 2019-02-12 08:13:51 UTC 
I've backported the patch series to SLE15 since it was in Joerg's kernel fix list. The backporting for 4.4 is not trivial, so it may take a while to figure out a proper fix.
Comment 3 Gary Ching-Pang Lin 2019-02-22 07:56:17 UTC 
It seems that kernel 4.4 is not affected.

The vulnerability is to exploit the out-of-bound speculation on the pointer arithmetic. Since the merge of the map entry access patch[*], the boundary check was introduced and the verifier relaxed the check on pointer arithmetic as long as it's bounded properly. However, the verifier in 4.4 doesn't include the patch. Once the 4.4 verifier detects pointer arithmetic, it rejects the program right the way. I'll take a closer look into the verifier to make sure that we don't need the patch in SLE12-SP3.

[*] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/bpf?id=484611357c19f9e19ef742ebef4505a07d243cc9
Comment 4 Gary Ching-Pang Lin 2019-03-11 06:30:17 UTC 
After double-checked the verifier in SLE12-SP3, I believe it's not affected by the out-of-bound speculation.
Comment 6 Swamp Workflow Management 2019-03-13 14:24:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1124055) was mentioned in
https://build.opensuse.org/request/show/684697 15.0 / kernel-source
Comment 7 Swamp Workflow Management 2019-03-15 09:58:09 UTC 
This is an autogenerated message for OBS integration:
This bug (1124055) was mentioned in
https://build.opensuse.org/request/show/685279 15.0 / kernel-source
Comment 15 Swamp Workflow Management 2019-03-26 13:35:51 UTC 
This is an autogenerated message for OBS integration:
This bug (1124055) was mentioned in
https://build.opensuse.org/request/show/688712 15.0 / kernel-source
Comment 16 Swamp Workflow Management 2019-03-26 20:29:05 UTC 
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1068032,1070995,1071995,1074562,1074578,1074701,1075006,1075419,1075748,1078355,1080039,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087084,1087092,1087939,1088133,1094555,1098382,1098425,1098995,1102055,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113769,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122159,1122192,1122292,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,824948,828192,925178
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-03-27 09:40:48 UTC 
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1068032,1070995,1071995,1074562,1074578,1074701,1075006,1075419,1075748,1078355,1080039,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087084,1087092,1087939,1088133,1094555,1098382,1098425,1098995,1102055,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113769,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122159,1122192,1122292,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,824948,828192,925178
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_3-1-6.7.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2019-03-27 18:59:21 UTC 
SUSE-SU-2019:0767-1: An update that solves 12 vulnerabilities and has 205 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122159,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126284,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127081,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127577,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128378,1128451,1128895,1129016,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,828192
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.9.1, kernel-source-azure-4.12.14-6.9.1, kernel-syms-azure-4.12.14-6.9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2019-03-28 12:48:38 UTC 
SUSE-SU-2019:0784-1: An update that solves 12 vulnerabilities and has 197 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.14.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.14.2, kernel-docs-4.12.14-150.14.1, kernel-obs-qa-4.12.14-150.14.2
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.14.2, kernel-livepatch-SLE15_Update_9-1-1.9.3
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.14.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.14.1, kernel-obs-build-4.12.14-150.14.2, kernel-source-4.12.14-150.14.1, kernel-syms-4.12.14-150.14.1, kernel-vanilla-4.12.14-150.14.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.14.2, kernel-source-4.12.14-150.14.1, kernel-zfcpdump-4.12.14-150.14.2
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.14.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2019-03-28 12:52:28 UTC 
SUSE-SU-2019:0784-1: An update that solves 12 vulnerabilities and has 197 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.14.2, kernel-livepatch-SLE15_Update_9-1-1.9.3

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2019-03-28 12:54:04 UTC 
SUSE-SU-2019:0767-1: An update that solves 12 vulnerabilities and has 205 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1114893,1117108,1117155,1117645,1117947,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122159,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126284,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127081,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127577,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128378,1128451,1128895,1129016,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,807502,828192
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.9.1, kernel-source-azure-4.12.14-6.9.1, kernel-syms-azure-4.12.14-6.9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2019-03-28 14:27:13 UTC 
SUSE-SU-2019:0785-1: An update that solves 12 vulnerabilities and has 198 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127578,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948
CVE References: CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.24.1, kernel-source-azure-4.12.14-5.24.1, kernel-syms-azure-4.12.14-5.24.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2019-04-03 10:09:32 UTC 
This is an autogenerated message for OBS integration:
This bug (1124055) was mentioned in
https://build.opensuse.org/request/show/690934 15.0 / kernel-source
Comment 24 Swamp Workflow Management 2019-04-12 10:24:08 UTC 
openSUSE-SU-2019:1193-1: An update that solves 6 vulnerabilities and has 171 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1050549,1051510,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1086095,1086282,1088133,1094244,1094555,1098995,1100132,1103429,1106811,1107078,1107665,1108101,1110096,1113042,1113399,1113722,1113939,1114279,1114585,1117108,1117645,1119019,1119086,1119843,1120008,1120601,1120854,1120902,1120909,1121317,1121789,1121805,1122192,1122764,1122822,1122982,1123060,1123061,1123105,1123161,1123456,1123882,1124055,1124235,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1125125,1125252,1125315,1125342,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126356,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126740,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127378,1127445,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129276,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129770,1129923,1130130,1130154,1130335,1130336,1130337,1130338,1130425,1130427,1130518,1131062,824948
CVE References: CVE-2019-2024,CVE-2019-3819,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.58.1, kernel-default-4.12.14-lp150.12.58.1, kernel-docs-4.12.14-lp150.12.58.1, kernel-kvmsmall-4.12.14-lp150.12.58.1, kernel-obs-build-4.12.14-lp150.12.58.1, kernel-obs-qa-4.12.14-lp150.12.58.1, kernel-source-4.12.14-lp150.12.58.1, kernel-syms-4.12.14-lp150.12.58.1, kernel-vanilla-4.12.14-lp150.12.58.1
Comment 32 Marcus Meissner 2019-07-15 05:49:29 UTC 
done