Bug 1191580 (CVE-2022-0001)

Summary: VUL-0: CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: kernel: BHB speculation issues
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: afaerber, bschubert, jkosina, knut.trepte, lee.martin, matz, mbrugger, meissner, mhocko, ohering, pmladek, ptesarik, rfrohl, rguenther, shung-hsi.yu, tiwai, tonyj, zhao.yuhu
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/312331/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-26341:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2021-26401:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2022-0001:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2022-0002:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2022-23960:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 1196915, 1195330, 1196657
Bug Blocks: 1195283

Comment 38 Marcus Meissner 2021-11-24 12:07:03 UTC
CRD: 2022-03-08

(2022 not 2021)
Comment 45 Marcus Meissner 2022-01-28 12:24:31 UTC
CRD: 2022-03-08
Comment 53 Marcus Meissner 2022-02-22 08:02:05 UTC
CRD: 2022-03-08 10:00PT
Comment 78 Marcus Meissner 2022-03-08 18:04:40 UTC
issue is public

https://twitter.com/vu5ec/status/1501256481097883648

Spectre-v2 is back! Disclosing Branch History Injection (#BHI/#Spectre-BHB), bypassing Spectre-v2 hw defenses to leak arbitrary kernel/host memory (e.g., root password hash below). Joint work by @enrico_barberis @pit_frg @nSinusR @herbertbos @c_giuffrida

https://www.vusec.net/projects/bhi-spectre-bhb/
Comment 79 Swamp Workflow Management 2022-03-08 23:18:48 UTC
openSUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available.

Category: security (important)
Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776
CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375
JIRA References: SLE-20807,SLE-22135,SLE-22494
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.54.1, kernel-64kb-5.3.18-150300.59.54.1, kernel-debug-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-docs-5.3.18-150300.59.54.1, kernel-kvmsmall-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-obs-qa-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1
Comment 80 Swamp Workflow Management 2022-03-08 23:22:51 UTC
SUSE-SU-2022:0764-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191580,1192483,1195701,1195995,1196584
CVE References: CVE-2022-0001,CVE-2022-0002
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-76.1, kernel-rt_debug-5.3.18-76.1, kernel-source-rt-5.3.18-76.1, kernel-syms-rt-5.3.18-76.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-rt-5.3.18-76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 81 Swamp Workflow Management 2022-03-08 23:24:11 UTC
SUSE-SU-2022:0762-1: An update that solves 7 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1146312,1185973,1191580,1193731,1194463,1195536,1195543,1195612,1195908,1195939,1196079,1196612
CVE References: CVE-2016-10905,CVE-2021-0920,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617,CVE-2022-24448
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1, kgraft-patch-SLE12-SP3_Update_43-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1, kgraft-patch-SLE12-SP3_Update_43-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1, kgraft-patch-SLE12-SP3_Update_43-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1, kgraft-patch-SLE12-SP3_Update_43-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.156.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.156.1, kernel-source-4.4.180-94.156.1, kernel-syms-4.4.180-94.156.1, kgraft-patch-SLE12-SP3_Update_43-1-4.3.1

Comment 82 Swamp Workflow Management 2022-03-08 23:27:00 UTC
SUSE-SU-2022:0763-1: An update that solves three vulnerabilities, contains three features and has 43 fixes is now available.

Category: security (important)
Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195668,1195701,1195798,1195799,1195823,1195928,1195957,1195995,1196195,1196235,1196339,1196400,1196516,1196584
CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-25375
JIRA References: SLE-20807,SLE-22135,SLE-22494
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.79.1, kernel-rt_debug-5.3.18-150300.79.1, kernel-source-rt-5.3.18-150300.79.1, kernel-syms-rt-5.3.18-150300.79.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.79.1

Comment 83 Swamp Workflow Management 2022-03-08 23:30:47 UTC
SUSE-SU-2022:0759-1: An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available.

Category: security (important)
Bug References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375
JIRA References: SLE-23652
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-livepatch-SLE15-SP2_Update_25-1-5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.107.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1

Comment 84 Swamp Workflow Management 2022-03-08 23:35:05 UTC
SUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available.

Category: security (important)
Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776
CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375
JIRA References: SLE-20807,SLE-22135,SLE-22494
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1

Comment 85 Swamp Workflow Management 2022-03-08 23:39:55 UTC
SUSE-SU-2022:0766-1: An update that solves 9 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1107207,1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1, kernel-zfcpdump-4.12.14-150.86.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.86.1, kernel-livepatch-SLE15_Update_28-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.86.1, kernel-docs-4.12.14-150.86.1, kernel-obs-build-4.12.14-150.86.1, kernel-source-4.12.14-150.86.1, kernel-syms-4.12.14-150.86.1, kernel-vanilla-4.12.14-150.86.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.86.1

Comment 86 Swamp Workflow Management 2022-03-08 23:43:04 UTC
openSUSE-SU-2022:0755-1: An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available.

Category: security (important)
Bug References: 1089644,1154353,1156395,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195142,1195352,1195378,1195476,1195477,1195478,1195479,1195480,1195481,1195482,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196400,1196403,1196516,1196584,1196601,1196612,1196776
CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375
JIRA References: SLE-20807,SLE-22135,SLE-22494
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.47.1, kernel-source-azure-5.3.18-150300.38.47.1, kernel-syms-azure-5.3.18-150300.38.47.1
Comment 87 Swamp Workflow Management 2022-03-08 23:48:06 UTC
SUSE-SU-2022:0768-1: An update that solves 9 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.108.1, kernel-livepatch-SLE15-SP1_Update_29-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.108.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.108.1, kernel-docs-4.12.14-197.108.1, kernel-obs-build-4.12.14-197.108.1, kernel-source-4.12.14-197.108.1, kernel-syms-4.12.14-197.108.1

Comment 88 Swamp Workflow Management 2022-03-08 23:50:22 UTC
SUSE-SU-2022:14905-1: An update that solves 10 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1171420,1179599,1190025,1191580,1193157,1193669,1193867,1194272,1195109,1195543,1195908,1196079,1196612
CVE References: CVE-2019-0136,CVE-2020-12770,CVE-2020-27820,CVE-2021-3753,CVE-2021-4155,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-source-3.0.101-108.135.1, kernel-syms-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1

Comment 89 Swamp Workflow Management 2022-03-08 23:51:54 UTC
openSUSE-SU-2022:0768-1: An update that solves 9 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-197.108.1, kernel-default-4.12.14-197.108.1, kernel-kvmsmall-4.12.14-197.108.1, kernel-vanilla-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.108.1, kernel-default-4.12.14-197.108.1, kernel-kvmsmall-4.12.14-197.108.1, kernel-vanilla-4.12.14-197.108.1, kernel-zfcpdump-4.12.14-197.108.1
Comment 90 Swamp Workflow Management 2022-03-08 23:55:12 UTC
SUSE-SU-2022:0760-1: An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available.

Category: security (important)
Bug References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776
CVE References: CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375
JIRA References: SLE-20807,SLE-22135,SLE-22494
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.54.1, kernel-livepatch-SLE15-SP3_Update_15-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.54.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.54.1, kernel-obs-build-5.3.18-150300.59.54.1, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-syms-5.3.18-150300.59.54.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.54.1, kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3, kernel-preempt-5.3.18-150300.59.54.1, kernel-source-5.3.18-150300.59.54.1, kernel-zfcpdump-5.3.18-150300.59.54.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.54.1, kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.54.1

Comment 91 Swamp Workflow Management 2022-03-09 00:02:46 UTC
SUSE-SU-2022:0761-1: An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available.

Category: security (important)
Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1195080,1195377,1195536,1195543,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24959
JIRA References: SLE-20809
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.81.1, kernel-rt_debug-4.12.14-10.81.1, kernel-source-rt-4.12.14-10.81.1, kernel-syms-rt-4.12.14-10.81.1

Comment 92 Swamp Workflow Management 2022-03-09 00:08:49 UTC
SUSE-SU-2022:0767-1: An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available.

Category: security (important)
Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185377,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1193867,1194048,1194516,1195080,1195377,1195536,1195543,1195612,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195949,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612
CVE References: CVE-2021-44879,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959
JIRA References: SLE-20809
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.113.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.113.1, kernel-obs-build-4.12.14-122.113.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.113.1, kernel-source-4.12.14-122.113.1, kernel-syms-4.12.14-122.113.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.113.1, kgraft-patch-SLE12-SP5_Update_29-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.113.1

Comment 93 Swamp Workflow Management 2022-03-09 00:15:07 UTC
SUSE-SU-2022:0765-1: An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available.

Category: security (important)
Bug References: 1046306,1050244,1089644,1094978,1097583,1097584,1097585,1097586,1097587,1097588,1101674,1101816,1103991,1109837,1111981,1112374,1114648,1114685,1114893,1117495,1118661,1119113,1136460,1136461,1157038,1157923,1158533,1174852,1185377,1185973,1187716,1189126,1191271,1191580,1191655,1193857,1193867,1194048,1194516,1195080,1195377,1195536,1195543,1195612,1195638,1195795,1195823,1195840,1195897,1195908,1195934,1195949,1195987,1195995,1196079,1196155,1196400,1196516,1196584,1196612
CVE References: CVE-2021-44879,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959
JIRA References: SLE-20809
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.91.1, kernel-source-azure-4.12.14-16.91.1, kernel-syms-azure-4.12.14-16.91.1

Comment 94 Swamp Workflow Management 2022-03-09 00:18:20 UTC
SUSE-SU-2022:0756-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1146312,1190717,1191580,1193731,1194463,1195543,1195612,1195908,1195939,1196079,1196612
CVE References: CVE-2016-10905,CVE-2021-0920,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617,CVE-2022-24448
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.169.1, kernel-source-4.4.121-92.169.1, kernel-syms-4.4.121-92.169.1

Comment 95 Swamp Workflow Management 2022-03-09 00:20:17 UTC
SUSE-SU-2022:0757-1: An update that solves 10 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1107207,1114893,1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195934,1195949,1195987,1196079,1196155,1196584,1196601,1196612
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24959
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.93.1, kernel-source-4.12.14-95.93.1, kernel-syms-4.12.14-95.93.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.93.1, kgraft-patch-SLE12-SP4_Update_25-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.93.1

Comment 111 Swamp Workflow Management 2022-04-14 10:20:58 UTC
SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

Comment 112 Petr Mladek 2022-05-03 13:01:49 UTC
This bug seems to approach a good date for CVE SLA fulfillment [1].

What is its status, please?
Were the extra fixes for arm64 applied, please?  (comment #107)
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
Comment 113 Borislav Petkov 2022-05-03 13:38:03 UTC
(In reply to Petr Mladek from comment #112)
> What is its status, please?

I think the x86 side has been taken care of.

> Were the extra fixes for arm64 applied, please?  (comment #107)

Matthias?
Comment 115 Matthias Brugger 2022-05-05 08:59:30 UTC
(In reply to Borislav Petkov from comment #113)
> (In reply to Petr Mladek from comment #112)
> > What is its status, please?
> 
> I think the x86 side has been taken care of.
> 
> > Were the extra fixes for arm64 applied, please?  (comment #107)
> 
> Matthias?

These patches are for arm 32bit, so Leap material, not SLES material. I'll backport them right now, but that should not stop this bug from going forward.