Bug 1190067 (CVE-2021-3760)

Summary:	VUL-0: CVE-2021-3760: kernel-source: Use-After-Free vulnerability of ndev->rf_conn_info object
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Gianluca Gabrielli <gianluca.gabrielli>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	bpetkov, meissner, security-team, tiwai
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/308869/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-3760:6.4:(AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	Proposed patch

Description Gianluca Gabrielli 2021-09-01 14:09:10 UTC

From linux-distros ML
---

Hello there,

Our team found a UAF vulnerability of ndev->rf_conn_info object in the
kernel NFC stack. The root cause is that ndev->rf_conn_info is forgotten to
set to NULL when the object is released.


=*=*=*=*=*=*=*=*=  BUG DETAILS  =*=*=*=*=*=*=*=*=

We will talk about the ALLOC routine, the FREE routine, and the UAF routine.


>>>>>>>> ALLOC routine <<<<<<<<

With dynamic debugging, I found the object allocation routine is like below

.. -> nci_recv_frame()
      -> nci_rx_work()
         -> nci_rsp_packet()
            -> nci_rf_disc_rsp_packet()
               -> devm_kzalloc()

The function nci_rf_disc_rsp_packet() is like below

static void nci_rf_disc_rsp_packet(struct nci_dev *ndev, struct sk_buff
*skb)
{
    struct nci_conn_info    *conn_info;
    __u8 status = skb->data[0];

    pr_debug("status 0x%x\n", status);

    if (status == NCI_STATUS_OK) {
        atomic_set(&ndev->state, NCI_DISCOVERY);

        conn_info = ndev->rf_conn_info;
        if (!conn_info) {
            conn_info = devm_kzalloc(&ndev->nfc_dev->dev, /* ALLOCATING */
                         sizeof(struct nci_conn_info),
                         GFP_KERNEL);
            if (!conn_info) {
                status = NCI_STATUS_REJECTED;
                goto exit;
            }
            conn_info->conn_id = NCI_STATIC_RF_CONN_ID;
            INIT_LIST_HEAD(&conn_info->list);
            list_add(&conn_info->list, &ndev->conn_info_list);
            ndev->rf_conn_info = conn_info;
        }
    }

exit:
    nci_req_complete(ndev, status);
}

This function will allocate nci_conn_info object if the ndev->rf_conn_info
is NULL. It will also update conn_info->conn_id and add this info data to
ndev->conn_info_list. The ndev->rf_conn_info will be set to this newly
allocated object at last.


>>>>>>>> FREE routine <<<<<<<<

We now know that the conn_info is created when the sent discovery packet is
replied to. How about the deallocation? By reading through the source code,
we will find out the deallocation site is in
nci_core_conn_close_rsp_packet() function.

.. -> nci_recv_frame()
      -> nci_rx_work()
         -> nci_rsp_packet()
            -> nci_core_conn_close_rsp_packet()
               -> devm_kfree()


static void nci_core_conn_close_rsp_packet(struct nci_dev *ndev,
                       struct sk_buff *skb)
{
    struct nci_conn_info *conn_info;
    __u8 status = skb->data[0];

    pr_debug("status 0x%x\n", status);
    if (status == NCI_STATUS_OK) {
        conn_info = nci_get_conn_info_by_conn_id(ndev,
                             ndev->cur_conn_id);
        if (conn_info) {
            list_del(&conn_info->list);
            devm_kfree(&ndev->nfc_dev->dev, conn_info);
        }
    }
    nci_req_complete(ndev, status);
}

This function will call devm_kfree() to release conn_info, which is
obtained in function nci_get_conn_info_by_conn_id() with given conn_id.
(The cur_conn_id can be set in nci_send_data() function,
nci_nfcc_loopback() function and nci_core_conn_close() function).

In another word, the ndev->cur_conn_id is possible be NCI_STATIC_RF_CONN_ID
(0x00). That is, the devm_kfree() is possibly make the ndev->rf_conn_info a
dangling pointer.


>>>>>>>> UAF routine <<<<<<<<

We can find code side that dereference the dangling pointer
ndev->rf_conn_info. For example, the nci_rf_intf_activated_ntf_packet()
function.


static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
                                             struct sk_buff *skb)
{
/* ... */
exit:
        if (err == NCI_STATUS_OK) {
                conn_info = ndev->rf_conn_info;
                if (!conn_info) // This check is failed
                        return;

                conn_info->max_pkt_payload_len =
ntf.max_data_pkt_payload_size;
                conn_info->initial_num_credits = ntf.initial_num_credits;
/* ... */
}

As we can see, this function will check if the pointer ndev->rf_conn_info
is NULL. However, this check is failed because the ndev->rf_conn_info is
not set to NULL even if the object is released.
(In fact, I didn't find any code like ndev->rf_conn_info = NULL in the
kernel source code).

Hence, the following dereference of max_pkt_payload_len and
initial_num_credits will cause UAF write.


=*=*=*=*=*=*=*=*=  BUG EFFECTS  =*=*=*=*=*=*=*=*=

Below we provide the report from KASan.

[   42.075031]
==================================================================
[   42.075705] BUG: KASAN: use-after-free in nci_ntf_packet+0x279a/0x2fd0
[   42.076322] Write of size 1 at addr ffff888009cad9c2 by task
kworker/u2:1/43
[   42.076976]
[   42.077126] CPU: 0 PID: 43 Comm: kworker/u2:1 Not tainted 5.13.1+ #26
[   42.077732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[   42.078800] Workqueue: nfc2_nci_rx_wq nci_rx_work
[   42.079244] Call Trace:
[   42.079482]  dump_stack+0x157/0x1ae
[   42.079820]  print_address_description+0x7b/0x3a0
[   42.080265]  __kasan_report+0x14d/0x240
[   42.080628]  ? nci_ntf_packet+0x279a/0x2fd0
[   42.081022]  kasan_report+0x45/0x60
[   42.081353]  nci_ntf_packet+0x279a/0x2fd0
[   42.081738]  ? nfc_send_to_raw_sock+0x237/0x260
[   42.082165]  ? skb_dequeue+0x10f/0x140
[   42.082524]  nci_rx_work+0x140/0x280
[   42.082871]  process_one_work+0x7b1/0x1060
[   42.083264]  worker_thread+0xa56/0x1270
[   42.083627]  ? __schedule+0xc39/0x11d0
[   42.083984]  ? process_one_work+0x1060/0x1060
[   42.084394]  kthread+0x2ee/0x310
[   42.084701]  ? process_one_work+0x1060/0x1060
[   42.085111]  ? kthread_unuse_mm+0x1a0/0x1a0
[   42.085505]  ret_from_fork+0x22/0x30
[   42.085851]
[   42.085999] Allocated by task 0:
[   42.086307] (stack is not available)
[   42.086643]
[   42.086791] Freed by task 7:
[   42.087064]  kasan_set_track+0x3d/0x70
[   42.087419]  kasan_set_free_info+0x1f/0x40
[   42.087804]  ____kasan_slab_free+0x111/0x150
[   42.088204]  kfree+0xf6/0x2d0
[   42.088488]  nci_rsp_packet+0x119f/0x2060
[   42.088865]  nci_rx_work+0x102/0x280
[   42.089203]  process_one_work+0x7b1/0x1060
[   42.089588]  worker_thread+0xa56/0x1270
[   42.089954]  kthread+0x2ee/0x310
[   42.090261]  ret_from_fork+0x22/0x30
[   42.090600]
[   42.090747] The buggy address belongs to the object at ffff888009cad980
[   42.090747]  which belongs to the cache kmalloc-128 of size 128
[   42.091894] The buggy address is located 66 bytes inside of
[   42.091894]  128-byte region [ffff888009cad980, ffff888009cada00)
[   42.092964] The buggy address belongs to the page:
[   42.093411] page:000000005b218ee6 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x9cac
[   42.094269] head:000000005b218ee6 order:1 compound_mapcount:0
[   42.094803] flags: 0x100000000010200(slab|head|node=0|zone=1)
[   42.095340] raw: 0100000000010200 ffffea00004bf308 ffff888005c40e70
ffff888005c431c0
[   42.096055] raw: 0000000000000000 00000000000c000c 00000001ffffffff
0000000000000000
[   42.096769] page dumped because: kasan: bad access detected
[   42.097285]
[   42.097432] Memory state around the buggy address:
[   42.097885]  ffff888009cad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.098553]  ffff888009cad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.099218] >ffff888009cad980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
[   42.099885]                                            ^
[   42.100379]  ffff888009cada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.101047]  ffff888009cada80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.101720]
==================================================================
[   42.102385] Disabling lock debugging due to kernel taint

In function nci_rf_intf_activated_ntf_packet(), the attacker is able to
corrupt 6 bytes of one released slub object.
Though it sounds very limited. But the write position (66 - 71 th bytes)
happens to be the metadata of a kmalloc-128 object. That is to say, one
skillful attack can use this UAF write primitive to corrupt the slub free
list to gain more powerful primitive like arbitrary address allocating.


=*=*=*=*=*=*=*=*=  BUG REPRODUCE  =*=*=*=*=*=*=*=*=

This UAF bug, in some perspective, is not easy to trigger. These three
routines are the interaction between the kernel NFC stack and the
underlying NFC controller. That is to say, the attacker may need to
compromise one real hardware controller before he can send these malicious
NFC packets.

(P.S. This bug is found by fuzzing whose threat model is assuming the
controller is already be compromised. I didn't test if this bug can be
triggered remotely using a normal controller).

However, similar to some bugs I found in the Bluetooth stack, I found that
the NFC controller can also be simulated in userspace when the attacker
gains NET_ADMIN privilege. And this is proven to be possible!!

Hence, this bug reproducing can be achieved using the virtual_nfc driver or
the UART device simulation. The POC code for the second choice is provided
as an attachment to allow everyone to trigger this crash.

In a nutshell, the malicious controller only needs to send three packets:

1. nci_rf_disc_rsp_packet: this will awake ALLOC routine.
2. nci_core_conn_close_rsp_packet: this will awake FREE routine.
3. nci_rf_intf_activated_ntf_packet: this will cause UAF.


=*=*=*=*=*=*=*=*=  SUGGESTED FIX  =*=*=*=*=*=*=*=*=

Given the fact that I am not quite clear about the NFC protocol internals,
I can only offer one patch according to my best understanding. (which is
quite simple).

The fix is like below. (also provided as attachment)

diff --git a/net/nfc/nci/rsp.c b/net/nfc/nci/rsp.c
index e9605922a322..49cbc44e075d 100644
--- a/net/nfc/nci/rsp.c
+++ b/net/nfc/nci/rsp.c
@@ -330,6 +330,8 @@ static void nci_core_conn_close_rsp_packet(struct
nci_dev *ndev,
                             ndev->cur_conn_id);
        if (conn_info) {
            list_del(&conn_info->list);
+           if (conn_info == ndev->rf_conn_info)
+               ndev->rf_conn_info = NULL;
            devm_kfree(&ndev->nfc_dev->dev, conn_info);
        }
    }
--
2.32.0

That is, an additional check is added to make sure ndev->rf_conn_info will
be set to NULL when its corresponding conn_info is released by the
devm_kfree(...).

The POC code will no longer trigger the KASan report with this patch added.

=*=*=*=*=*=*=*=*=  ABOUT FIX and OTHER  =*=*=*=*=*=*=*=*=

I'd like to ask for 14 days of the embargo and I will do my best to work
with the developer on fixing this.
Moreover, it will be much appreciated if your group can also assign the CVE
id for this.

Best Regards
Lin Ma

Comment 1 Gianluca Gabrielli 2021-09-01 14:09:49 UTC

Created attachment 852220 [details]
Proposed patch

Comment 5 Gianluca Gabrielli 2021-09-01 14:33:52 UTC

Affected base branches:
 - SLE15-SP3
 - SLE15-SP2
 - SLE12-SP5
 - linux-4.12
 - linux-4.4
 - stable

Comment 8 Marcus Meissner 2021-09-06 07:04:47 UTC

I assume physical attack vector as you need to plugin a bad NFC controller somehow (via USB?)

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Comment 13 Marcus Meissner 2021-10-26 11:07:48 UTC

public now

From: Lin Horse <kylin.formalin@gmail.com>
Subject: [oss-security] CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object

Hello there,

Our team found a UAF vulnerability of ndev->rf_conn_info object in the
kernel NFC stack. The root cause is that ndev->rf_conn_info is forgotten to
set to NULL when the object is released.

=*=*=*=*=*=*=*=*=  BUG DETAILS  =*=*=*=*=*=*=*=*=

We will talk about the ALLOC routine, the FREE routine, and the UAF routine.

>>>>>>>> ALLOC routine <<<<<<<<

With dynamic debugging, I found the object allocation routine is like below

.. -> nci_recv_frame()
      -> nci_rx_work()
         -> nci_rsp_packet()
            -> nci_rf_disc_rsp_packet()
               -> devm_kzalloc()

The function nci_rf_disc_rsp_packet() is like below

static void nci_rf_disc_rsp_packet(struct nci_dev *ndev, struct sk_buff
*skb)
{
    struct nci_conn_info    *conn_info;
    __u8 status = skb->data[0];

    pr_debug("status 0x%x\n", status);

    if (status == NCI_STATUS_OK) {
        atomic_set(&ndev->state, NCI_DISCOVERY);

        conn_info = ndev->rf_conn_info;
        if (!conn_info) {
            conn_info = devm_kzalloc(&ndev->nfc_dev->dev, /* ALLOCATING */
                         sizeof(struct nci_conn_info),
                         GFP_KERNEL);
            if (!conn_info) {
                status = NCI_STATUS_REJECTED;
                goto exit;
            }
            conn_info->conn_id = NCI_STATIC_RF_CONN_ID;
            INIT_LIST_HEAD(&conn_info->list);
            list_add(&conn_info->list, &ndev->conn_info_list);
            ndev->rf_conn_info = conn_info;
        }
    }

exit:
    nci_req_complete(ndev, status);
}

This function will allocate nci_conn_info object if the ndev->rf_conn_info
is NULL. It will also update conn_info->conn_id and add this info data to
ndev->conn_info_list. The ndev->rf_conn_info will be set to this newly
allocated object at last.

>>>>>>>> FREE routine <<<<<<<<

We now know that the conn_info is created when the sent discovery packet is
replied to. How about the deallocation? By reading through the source code,
we will find out the deallocation site is in nci_core_conn_close_rsp_packet()
function.

.. -> nci_recv_frame()
      -> nci_rx_work()
         -> nci_rsp_packet()
            -> nci_core_conn_close_rsp_packet()
               -> devm_kfree()

static void nci_core_conn_close_rsp_packet(struct nci_dev *ndev,
                       struct sk_buff *skb)
{
    struct nci_conn_info *conn_info;
    __u8 status = skb->data[0];

    pr_debug("status 0x%x\n", status);
    if (status == NCI_STATUS_OK) {
        conn_info = nci_get_conn_info_by_conn_id(ndev,
                             ndev->cur_conn_id);
        if (conn_info) {
            list_del(&conn_info->list);
            devm_kfree(&ndev->nfc_dev->dev, conn_info);
        }
    }
    nci_req_complete(ndev, status);
}

This function will call devm_kfree() to release conn_info, which is
obtained in function nci_get_conn_info_by_conn_id() with given conn_id.
(The cur_conn_id can be set in nci_send_data() function,
nci_nfcc_loopback() function and nci_core_conn_close() function).

In another word, the ndev->cur_conn_id is possible be NCI_STATIC_RF_CONN_ID
(0x00). That is, the devm_kfree() is possibly make the ndev->rf_conn_info a
dangling pointer.

>>>>>>>> UAF routine <<<<<<<<

We can find code side that dereference the dangling pointer
ndev->rf_conn_info. For example, the nci_rf_intf_activated_ntf_packet()
function.

static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
                                             struct sk_buff *skb)
{
/* ... */
exit:
        if (err == NCI_STATUS_OK) {
                conn_info = ndev->rf_conn_info;
                if (!conn_info) // This check is failed
                        return;

                conn_info->max_pkt_payload_len =
ntf.max_data_pkt_payload_size;
                conn_info->initial_num_credits = ntf.initial_num_credits;
/* ... */
}

As we can see, this function will check if the pointer ndev->rf_conn_info
is NULL. However, this check is failed because the ndev->rf_conn_info is
not set to NULL even if the object is released.
(In fact, I didn't find any code like ndev->rf_conn_info = NULL in the
kernel source code).

Hence, the following dereference of max_pkt_payload_len and
initial_num_credits will cause UAF write.

=*=*=*=*=*=*=*=*=  BUG EFFECTS  =*=*=*=*=*=*=*=*=

Below we provide the report from KASan.

[   42.075031] ============================================================
======
[   42.075705] BUG: KASAN: use-after-free in nci_ntf_packet+0x279a/0x2fd0
[   42.076322] Write of size 1 at addr ffff888009cad9c2 by task
kworker/u2:1/43
[   42.076976]
[   42.077126] CPU: 0 PID: 43 Comm: kworker/u2:1 Not tainted 5.13.1+ #26
[   42.077732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[   42.078800] Workqueue: nfc2_nci_rx_wq nci_rx_work
[   42.079244] Call Trace:
[   42.079482]  dump_stack+0x157/0x1ae
[   42.079820]  print_address_description+0x7b/0x3a0
[   42.080265]  __kasan_report+0x14d/0x240
[   42.080628]  ? nci_ntf_packet+0x279a/0x2fd0
[   42.081022]  kasan_report+0x45/0x60
[   42.081353]  nci_ntf_packet+0x279a/0x2fd0
[   42.081738]  ? nfc_send_to_raw_sock+0x237/0x260
[   42.082165]  ? skb_dequeue+0x10f/0x140
[   42.082524]  nci_rx_work+0x140/0x280
[   42.082871]  process_one_work+0x7b1/0x1060
[   42.083264]  worker_thread+0xa56/0x1270
[   42.083627]  ? __schedule+0xc39/0x11d0
[   42.083984]  ? process_one_work+0x1060/0x1060
[   42.084394]  kthread+0x2ee/0x310
[   42.084701]  ? process_one_work+0x1060/0x1060
[   42.085111]  ? kthread_unuse_mm+0x1a0/0x1a0
[   42.085505]  ret_from_fork+0x22/0x30
[   42.085851]
[   42.085999] Allocated by task 0:
[   42.086307] (stack is not available)
[   42.086643]
[   42.086791] Freed by task 7:
[   42.087064]  kasan_set_track+0x3d/0x70
[   42.087419]  kasan_set_free_info+0x1f/0x40
[   42.087804]  ____kasan_slab_free+0x111/0x150
[   42.088204]  kfree+0xf6/0x2d0
[   42.088488]  nci_rsp_packet+0x119f/0x2060
[   42.088865]  nci_rx_work+0x102/0x280
[   42.089203]  process_one_work+0x7b1/0x1060
[   42.089588]  worker_thread+0xa56/0x1270
[   42.089954]  kthread+0x2ee/0x310
[   42.090261]  ret_from_fork+0x22/0x30
[   42.090600]
[   42.090747] The buggy address belongs to the object at ffff888009cad980
[   42.090747]  which belongs to the cache kmalloc-128 of size 128
[   42.091894] The buggy address is located 66 bytes inside of
[   42.091894]  128-byte region [ffff888009cad980, ffff888009cada00)
[   42.092964] The buggy address belongs to the page:
[   42.093411] page:000000005b218ee6 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x9cac
[   42.094269] head:000000005b218ee6 order:1 compound_mapcount:0
[   42.094803] flags: 0x100000000010200(slab|head|node=0|zone=1)
[   42.095340] raw: 0100000000010200 ffffea00004bf308 ffff888005c40e70
ffff888005c431c0
[   42.096055] raw: 0000000000000000 00000000000c000c 00000001ffffffff
0000000000000000
[   42.096769] page dumped because: kasan: bad access detected
[   42.097285]
[   42.097432] Memory state around the buggy address:
[   42.097885]  ffff888009cad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.098553]  ffff888009cad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.099218] >ffff888009cad980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
[   42.099885]                                            ^
[   42.100379]  ffff888009cada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.101047]  ffff888009cada80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc
[   42.101720] ============================================================
======
[   42.102385] Disabling lock debugging due to kernel taint

In function nci_rf_intf_activated_ntf_packet(), the attacker is able to
corrupt 6 bytes of one released slub object.
Though it sounds very limited. But the write position (66 - 71 th bytes)
happens to be the metadata of a kmalloc-128 object. That is to say, one
skillful attack can use this UAF write primitive to corrupt the slub free
list to gain more powerful primitive like arbitrary address allocating.

=*=*=*=*=*=*=*=*=  BUG REPRODUCE  =*=*=*=*=*=*=*=*=

This UAF bug, in some perspective, is not easy to trigger. These three
routines are the interaction between the kernel NFC stack and the
underlying NFC controller. That is to say, the attacker may need to
compromise one real hardware controller before he can send these malicious
NFC packets.

(P.S. This bug is found by fuzzing whose threat model is assuming the
controller is already be compromised. I didn't test if this bug can be
triggered remotely using a normal controller).

However, similar to some bugs I found in the Bluetooth stack, I found that
the NFC controller can also be simulated in userspace when the attacker
gains NET_ADMIN privilege. And this is proven to be possible!!

Hence, this bug reproducing can be achieved using the virtual_nfc driver or
the UART device simulation. The POC code for the second choice is provided
as an attachment to allow everyone to trigger this crash.

In a nutshell, the malicious controller only needs to send three packets:

1. nci_rf_disc_rsp_packet: this will awake ALLOC routine.
2. nci_core_conn_close_rsp_packet: this will awake FREE routine.
3. nci_rf_intf_activated_ntf_packet: this will cause UAF.

=*=*=*=*=*=*=*=*=  Timeline  =*=*=*=*=*=*=*=*=

2021-09-01 Report to security and linux-distro
2021-09-01 CVE-2021-3760 assigned
2021-10-26 patch upstream

Sorry for the delay of this report T.T

Best wishes

Comment 14 Marcus Meissner 2021-10-26 12:34:03 UTC

The commit for the fix is 1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (link:                                                                                                                    
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1b1499a817c90fd1ce9453a2c98d2a01cca0e775                                                                         
)

Comment 15 Takashi Iwai 2021-10-27 08:54:54 UTC

The fix was backported to SLE15-SP4, SLE15-SP2, cve/linux-4.12 and cve/linux-4.4 branches.  stable branch got the fix via stable 5.14.x.

Reassigned back to security team.

Comment 20 OBSbugzilla Bot 2021-11-02 21:41:42 UTC

This is an autogenerated message for OBS integration:
This bug (1190067) was mentioned in
https://build.opensuse.org/request/show/928854 15.2 / kernel-source

Comment 27 Swamp Workflow Management 2021-11-08 14:22:54 UTC

openSUSE-SU-2021:1460-1: An update that solves 15 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1100416,1129735,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186109,1187167,1188563,1188876,1188983,1188985,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191238,1191241,1191315,1191317,1191343,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192036,1192040,1192041,1192107,1192145,1192267
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.98.1, kernel-default-5.3.18-lp152.98.1, kernel-default-base-5.3.18-lp152.98.1.lp152.8.46.1, kernel-docs-5.3.18-lp152.98.1, kernel-kvmsmall-5.3.18-lp152.98.1, kernel-obs-build-5.3.18-lp152.98.1, kernel-obs-qa-5.3.18-lp152.98.1, kernel-preempt-5.3.18-lp152.98.1, kernel-source-5.3.18-lp152.98.1, kernel-syms-5.3.18-lp152.98.1

Comment 29 Swamp Workflow Management 2021-11-09 20:18:56 UTC

SUSE-SU-2021:3642-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-rt-5.3.18-60.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-60.1, kernel-rt_debug-5.3.18-60.1, kernel-source-rt-5.3.18-60.1, kernel-syms-rt-5.3.18-60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-11-09 20:25:21 UTC

SUSE-SU-2021:3641-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.28.2, kernel-source-azure-5.3.18-38.28.2, kernel-syms-azure-5.3.18-38.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2021-11-09 20:31:40 UTC

openSUSE-SU-2021:3641-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.28.2, kernel-source-azure-5.3.18-38.28.2, kernel-syms-azure-5.3.18-38.28.1

Comment 32 Swamp Workflow Management 2021-11-09 20:37:56 UTC

SUSE-SU-2021:3640-1: An update that solves 11 vulnerabilities and has 35 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1133021,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186063,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191241,1191315,1191317,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192040,1192041,1192107,1192145
CVE References: CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.72.2, kernel-source-azure-5.3.18-18.72.2, kernel-syms-azure-5.3.18-18.72.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Swamp Workflow Management 2021-11-11 14:21:19 UTC

openSUSE-SU-2021:3655-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.30.1, kernel-64kb-5.3.18-59.30.1, kernel-debug-5.3.18-59.30.1, kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1, kernel-docs-5.3.18-59.30.1, kernel-kvmsmall-5.3.18-59.30.1, kernel-obs-build-5.3.18-59.30.1, kernel-obs-qa-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-syms-5.3.18-59.30.1, kernel-zfcpdump-5.3.18-59.30.1

Comment 37 Swamp Workflow Management 2021-11-11 14:30:20 UTC

SUSE-SU-2021:3658-1: An update that solves 11 vulnerabilities and has 35 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186063,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192040,1192041,1192107,1192145
CVE References: CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-57.1
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-57.1, kernel-rt_debug-5.3.18-57.1, kernel-source-rt-5.3.18-57.1, kernel-syms-rt-5.3.18-57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 38 Swamp Workflow Management 2021-11-11 14:41:06 UTC

SUSE-SU-2021:3655-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.30.1, kernel-livepatch-SLE15-SP3_Update_8-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.30.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.30.1, kernel-obs-build-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-syms-5.3.18-59.30.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.30.1, kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-zfcpdump-5.3.18-59.30.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Swamp Workflow Management 2021-11-15 17:21:50 UTC

openSUSE-SU-2021:1477-1: An update that solves 15 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1100416,1129735,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186109,1187167,1188563,1188876,1188983,1188985,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191238,1191241,1191315,1191317,1191343,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192036,1192040,1192041,1192107,1192145,1192267,1192549
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.102.1, kernel-default-5.3.18-lp152.102.1, kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1, kernel-docs-5.3.18-lp152.102.1, kernel-kvmsmall-5.3.18-lp152.102.1, kernel-obs-build-5.3.18-lp152.102.1, kernel-obs-qa-5.3.18-lp152.102.1, kernel-preempt-5.3.18-lp152.102.1, kernel-source-5.3.18-lp152.102.1, kernel-syms-5.3.18-lp152.102.1

Comment 43 Swamp Workflow Management 2021-11-16 20:21:57 UTC

SUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-livepatch-SLE15-SP3_Update_9-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.34.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-11-16 20:32:33 UTC

openSUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.34.1, kernel-64kb-5.3.18-59.34.1, kernel-debug-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-docs-5.3.18-59.34.1, kernel-kvmsmall-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-obs-qa-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1

Comment 45 Swamp Workflow Management 2021-11-17 14:24:04 UTC

SUSE-SU-2021:3723-1: An update that solves 14 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1094840,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190351,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1192145,1192379
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.65.1, kernel-rt_debug-4.12.14-10.65.1, kernel-source-rt-4.12.14-10.65.1, kernel-syms-rt-4.12.14-10.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Swamp Workflow Management 2021-11-19 20:35:32 UTC

SUSE-SU-2021:3748-1: An update that solves 13 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190397,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1191888,1192145,1192267
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.98.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.98.1, kernel-obs-build-4.12.14-122.98.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kernel-source-4.12.14-122.98.1, kernel-syms-4.12.14-122.98.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kgraft-patch-SLE12-SP5_Update_25-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2021-11-19 23:22:00 UTC

SUSE-SU-2021:3754-1: An update that solves 11 vulnerabilities and has 37 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186063,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192040,1192041,1192107,1192145,1192267,1192549
CVE References: CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.93.1, kernel-default-base-5.3.18-24.93.1.9.42.5
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.93.1, kernel-preempt-5.3.18-24.93.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.93.1, kernel-livepatch-SLE15-SP2_Update_21-1-5.3.5
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.93.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.93.1, kernel-obs-build-5.3.18-24.93.1, kernel-preempt-5.3.18-24.93.1, kernel-source-5.3.18-24.93.1, kernel-syms-5.3.18-24.93.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.93.1, kernel-default-base-5.3.18-24.93.1.9.42.5, kernel-preempt-5.3.18-24.93.1, kernel-source-5.3.18-24.93.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 60 Swamp Workflow Management 2021-12-02 11:25:17 UTC

openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2

Comment 61 Swamp Workflow Management 2021-12-02 11:37:30 UTC

SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 62 Swamp Workflow Management 2021-12-06 14:39:20 UTC

SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1068032,1087082,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1183089,1184673,1186109,1186390,1188172,1188325,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189706,1190023,1190025,1190067,1190117,1190159,1190276,1190349,1190351,1190601,1191193,1191315,1191790,1191958,1191961,1192781,802154
CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 63 Swamp Workflow Management 2021-12-06 18:17:06 UTC

SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1073928,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1177666,1181158,1181854,1181855,1183089,1184673,1185726,1185727,1185758,1185973,1186109,1186390,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189420,1189706,1190022,1190023,1190025,1190067,1190117,1190159,1190194,1190349,1190351,1190601,1190717,1191193,1191315,1191790,1191801,1191958,1191961,1192267,1192400,1192775,1192781
CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.150.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 64 Swamp Workflow Management 2021-12-07 20:25:33 UTC

SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 65 Swamp Workflow Management 2021-12-08 14:24:33 UTC

SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available.

Category: security (important)
Bug References: 1087082,1100416,1108488,1129735,1129898,1133374,1153720,1171420,1176724,1176931,1180624,1181854,1181855,1183050,1183861,1184673,1184804,1185377,1185677,1185726,1185727,1185758,1185973,1186063,1186482,1186483,1186672,1188026,1188172,1188563,1188601,1188613,1188838,1188842,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189400,1189418,1189420,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190118,1190159,1190276,1190349,1190350,1190351,1190432,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191318,1191529,1191530,1191628,1191660,1191790,1191801,1191813,1191961,1192036,1192045,1192048,1192267,1192379,1192400,1192444,1192549,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.83.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.