Bug 1179660 (CVE-2020-29368)

Summary:	VUL-0: CVE-2020-29368: kernel-source: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Robert Frohl <rfrohl>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	jack, meissner, mhocko, nstange, smash_bz, tiwai, vbabka
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/272433/
See Also:	https://bugzilla.suse.com/show_bug.cgi?id=1179428
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-29368:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	1179664

Description Robert Frohl 2020-12-07 10:23:18 UTC

rh#1903244

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check.

Reference:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1903244
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29368
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040

Comment 1 Robert Frohl 2020-12-07 10:31:20 UTC

tracking as affected:

- SUSE:SLE-12-SP4:Update/kernel-source
- SUSE:SLE-12-SP5:Update/kernel-source
- SUSE:SLE-15:Update/kernel-source
- SUSE:SLE-15-SP1:Update/kernel-source
- SUSE:SLE-15-SP2:Update/kernel-source
- SUSE:SLE-15-SP3:Update/kernel-source

Comment 2 Michal Hocko 2020-12-07 11:34:45 UTC

OK, so this seems to be the THP specific part of the original report in bug 1179428.

Comment 4 Vlastimil Babka 2021-02-15 18:22:09 UTC

Pushed the fix to SLE15-SP2, along with followup 1c2f67308af4 ("mm: thp: fix MADV_REMOVE deadlock on shmem THP")

(In reply to Nicolai Stange from comment #3)
> Just a heads-up: upstream commit c444eb564fb1 ("mm: thp: make the THP
> mapcount atomic against __split_huge_pmd_locked()") alone won't fix this for
> cve/linux-4.12: I turned that one into a livepatch and the POC from
> bug1179428 still succeeds.

Thanks for checking. I confirm this in my own testing.
 
> I think that we also need that page lock acquisition in
> do_huge_pmd_wp_page(), introduced with upstream commit ba3c4ce6def4 ("mm,
> THP, swap: make reuse_swap_page() works for THP swapped out").

That commit is part of larger series "mm, THP, swap: Delay splitting THP after swapped out" which we wouldn't want to risk backporting as a whole. I'll see if it's possible to just take the page locking part. I will also bring this upstream as upstream stable 4.9 LTS has the same issue.

Comment 6 Vlastimil Babka 2021-02-26 18:24:31 UTC

(In reply to Vlastimil Babka from comment #4)
> That commit is part of larger series "mm, THP, swap: Delay splitting THP
> after swapped out" which we wouldn't want to risk backporting as a whole.
> I'll see if it's possible to just take the page locking part. I will also
> bring this upstream as upstream stable 4.9 LTS has the same issue.

So I took just the page locking part and the PoC no longer reproduces. The result is in the branch users/vbabka/cve/linux-4.12/1179660 and I would appreciate review from Michal/Jack/Nicolai. Also posted a stable 4.9 patch upstream, so hopefully I'll get some feedback from there as well:

https://lore.kernel.org/linux-mm/20210226162200.20548-1-vbabka@suse.cz/

Comment 7 Nicolai Stange 2021-02-27 18:10:27 UTC

(In reply to Vlastimil Babka from comment #6)

> So I took just the page locking part and the PoC no longer reproduces. The
> result is in the branch users/vbabka/cve/linux-4.12/1179660 and I would
> appreciate review from Michal/Jack/Nicolai.

Looks good to me

Comment 8 Vlastimil Babka 2021-03-01 12:09:49 UTC

Thanks, pushed for-next.
Upstream 4.9 stable patch was picked too.

Comment 12 OBSbugzilla Bot 2021-03-03 01:42:23 UTC

This is an autogenerated message for OBS integration:
This bug (1179660) was mentioned in
https://build.opensuse.org/request/show/876318 15.2 / kernel-source

Comment 15 Alexandros Toptsoglou 2021-03-03 11:59:06 UTC

*** Bug 1179428 has been marked as a duplicate of this bug. ***

Comment 22 Swamp Workflow Management 2021-03-08 11:23:25 UTC

openSUSE-SU-2021:0393-1: An update that solves 9 vulnerabilities and has 115 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182697,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.66.2, kernel-default-5.3.18-lp152.66.2, kernel-default-base-5.3.18-lp152.66.2.lp152.8.23.2, kernel-docs-5.3.18-lp152.66.2, kernel-kvmsmall-5.3.18-lp152.66.2, kernel-obs-build-5.3.18-lp152.66.2, kernel-obs-qa-5.3.18-lp152.66.2, kernel-preempt-5.3.18-lp152.66.2, kernel-source-5.3.18-lp152.66.2, kernel-syms-5.3.18-lp152.66.2

Comment 23 Swamp Workflow Management 2021-03-09 20:22:24 UTC

SUSE-SU-2021:0738-1: An update that solves 9 vulnerabilities and has 114 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.38.1, kernel-source-azure-5.3.18-18.38.1, kernel-syms-azure-5.3.18-18.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-03-09 20:51:14 UTC

SUSE-SU-2021:0735-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180989,1181133,1181259,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,1183022
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-28.1, kernel-rt_debug-5.3.18-28.1, kernel-source-rt-5.3.18-28.1, kernel-syms-rt-5.3.18-28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-03-09 21:08:06 UTC

SUSE-SU-2021:0741-1: An update that solves 9 vulnerabilities and has 117 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-livepatch-SLE15-SP2_Update_11-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.52.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.52.1, kernel-obs-build-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1, kernel-syms-5.3.18-24.52.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-03-09 21:22:21 UTC

SUSE-SU-2021:0736-1: An update that solves 5 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1065600,1163592,1176831,1178401,1178762,1179014,1179015,1179045,1179082,1179428,1179660,1180058,1180906,1181441,1181747,1181753,1181843,1182140,1182175
CVE References: CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.71.1, kernel-source-4.12.14-95.71.1, kernel-syms-4.12.14-95.71.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.71.1, kernel-source-4.12.14-95.71.1, kernel-syms-4.12.14-95.71.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.71.1, kernel-source-4.12.14-95.71.1, kernel-syms-4.12.14-95.71.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.71.1, kernel-source-4.12.14-95.71.1, kernel-syms-4.12.14-95.71.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.71.1, kgraft-patch-SLE12-SP4_Update_19-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-03-09 21:26:18 UTC

SUSE-SU-2021:0737-1: An update that solves 5 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1065600,1163617,1170442,1176855,1179082,1179428,1179660,1180058,1180262,1180964,1181671,1181747,1181753,1181843,1181854,1182047,1182130,1182140,1182175
CVE References: CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1, kernel-zfcpdump-4.12.14-197.86.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1, kernel-zfcpdump-4.12.14-197.86.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.86.1, kernel-livepatch-SLE15-SP1_Update_23-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.86.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.86.1, kernel-docs-4.12.14-197.86.1, kernel-obs-build-4.12.14-197.86.1, kernel-source-4.12.14-197.86.1, kernel-syms-4.12.14-197.86.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-03-09 21:32:20 UTC

SUSE-SU-2021:0740-1: An update that solves 5 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1065600,1163592,1178401,1178762,1179014,1179015,1179045,1179082,1179428,1179660,1180058,1181747,1181753,1181843,1182140,1182175
CVE References: CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.69.1, kernel-docs-4.12.14-150.69.1, kernel-obs-build-4.12.14-150.69.1, kernel-source-4.12.14-150.69.1, kernel-syms-4.12.14-150.69.1, kernel-vanilla-4.12.14-150.69.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.69.1, kernel-docs-4.12.14-150.69.1, kernel-obs-build-4.12.14-150.69.1, kernel-source-4.12.14-150.69.1, kernel-syms-4.12.14-150.69.1, kernel-vanilla-4.12.14-150.69.1, kernel-zfcpdump-4.12.14-150.69.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.69.1, kernel-livepatch-SLE15_Update_23-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.69.1, kernel-docs-4.12.14-150.69.1, kernel-obs-build-4.12.14-150.69.1, kernel-source-4.12.14-150.69.1, kernel-syms-4.12.14-150.69.1, kernel-vanilla-4.12.14-150.69.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.69.1, kernel-docs-4.12.14-150.69.1, kernel-obs-build-4.12.14-150.69.1, kernel-source-4.12.14-150.69.1, kernel-syms-4.12.14-150.69.1, kernel-vanilla-4.12.14-150.69.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Vlastimil Babka 2021-03-18 00:30:02 UTC

All done, reassigning to security@

Comment 34 Swamp Workflow Management 2021-04-13 19:29:56 UTC

SUSE-SU-2021:1175-1: An update that solves 24 vulnerabilities and has 51 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1178163,1179243,1179428,1179454,1179660,1179755,1180846,1181507,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183416,1183509,1183593,1183646,1183662,1183686,1183692,1183696,1183775,1183861,1183871,1184114,1184167,1184168,1184170,1184192,1184193,1184196,1184198
CVE References: CVE-2020-0433,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.50.1, kernel-source-azure-4.12.14-16.50.1, kernel-syms-azure-4.12.14-16.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Swamp Workflow Management 2021-04-13 19:38:44 UTC

SUSE-SU-2021:1176-1: An update that solves 25 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1177411,1178163,1179243,1179428,1179454,1179660,1179755,1180846,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183416,1183509,1183593,1183646,1183686,1183692,1183696,1183775,1183861,1183871,1184114,1184167,1184168,1184170,1184192,1184193,1184196,1184198
CVE References: CVE-2020-0433,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.37.1, kernel-rt_debug-4.12.14-10.37.1, kernel-source-rt-4.12.14-10.37.1, kernel-syms-rt-4.12.14-10.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 37 Swamp Workflow Management 2021-04-15 16:35:05 UTC

SUSE-SU-2021:1210-1: An update that solves 33 vulnerabilities and has 53 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113295,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1178163,1178181,1179243,1179428,1179454,1179660,1179755,1180846,1181507,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183405,1183416,1183509,1183593,1183646,1183662,1183686,1183692,1183696,1183755,1183775,1183861,1183871,1184114,1184120,1184167,1184168,1184170,1184192,1184193,1184196,1184198,1184391,1184393,1184397,1184494,1184511,1184583
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2020-36311,CVE-2021-20219,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.66.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.66.2, kernel-obs-build-4.12.14-122.66.2
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.66.2, kernel-source-4.12.14-122.66.2, kernel-syms-4.12.14-122.66.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.66.2, kgraft-patch-SLE12-SP5_Update_17-1-8.3.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.66.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Marcus Meissner 2021-09-17 09:46:29 UTC

released