Bug 1196901

Summary: VUL-0: CVE-2022-23960,CVE-2022-0001,CVE-2022-0002,CVE-2021-26341,CVE-2021-26401: xen: Multiple speculative security issues (XSA-398)
Product: [Novell Products] SUSE Security Incidents Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: IncidentsAssignee: Xen Virtualization <xen-bugs>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Upstream patches

Description Gianluca Gabrielli 2022-03-09 08:12:08 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-398

                  Multiple speculative security issues

ISSUE DESCRIPTION
=================

Note: Multiple issues are contained in this XSA due to their interactions.

1) Researchers at VU Amsterdam have discovered Spectre-BHB, pertaining
   to the use of Branch History between privilege levels.

   ARM have assigned CVE-2022-23960.  Intel have assigned CVE-2022-0001
   (Branch History Injection) and CVE-2022-0002 (Intra-mode BTI).  AMD
   have no statement at the time of writing.

   For more details, see:
     https://vusec.net/projects/bhi-spectre-bhb
     https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
     https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html

2) Researchers at Open Source Security, Inc. have discovered that AMD
   CPUs may speculate beyond direct branches.

   AMD have assigned CVE-2021-26341.

   For more details, see:
     https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
     https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

3) Researchers at Intel have discovered that previous Spectre-v2
   recommendations of using lfence/jmp is incomplete.

   AMD have assigned CVE-2021-26401.

   For more details, see:
     https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

IMPACT
======

An attacker might be able to infer the contents of arbitrary host
memory, including memory assigned to other guests.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Whether a CPU is potentially vulnerable depends on its
microarchitecture.  Consult your hardware vendor.

Xen does not have a managed runtime environment, so is not believed to
be vulnerable to CVE-2022-0002 irrespective of any hardware
susceptibility.

Xen does not have any known gadgets vulnerable to Direct Branch Straight
Line Speculation.  Therefore, no changes for CVE-2021-26341 are being
provided at this time.

The AMD BTI (Spectre v2) protections do not depend on isolating
predictions between different privileges, so the fact that Branch
History is shared (just like the Branch Target Buffer) is not believed
to be relevant to existing mitigations.  Therefore, there is no believed
impact from Spectre-BHB on AMD hardware.

Patches to mitigate CVE-2022-23960 on affected ARM CPUs are provided.

Intel have recommended not making any changes by default for
CVE-2022-0001.  Existing Spectre-v2 mitigations on pre-eIBRS hardware
are believed to be sufficient.  On eIBRS capable hardware, there is
uncertainty over the utility of Branch History Injection to an
adversary.  However, the risk can be removed by using eIBRS in
combination with retpoline.

For CVE-2021-26401, AMD have recommended using retpoline in preference
to lfence/jmp as previously recommended to mitigate Spectre-v2.  This
recommendation also mitigates any risk from Branch History Injection.

For both CVE-2022-0001 on Intel, and CVE-2021-26401 on AMD, the
suggestion to use retpoline is incompatible with CET Shadow Stacks as
implemented in Xen 4.14 and later.  The security team has decided that
disabling CET Shadow Stacks to work around speculation problems is not a
reasonable option for downstreams and end users.

Therefore, patches are also provided to:
 * Use IBRS on capable AMD hardware.  This also mitigates
   CVE-2021-26401.
 * Use CET Indirect Branch Tracking on capable Intel hardware.  CET-IBT
   has architectural guarantees about halting speculation, on top of
   being a hardware mechanism to protect against Call/Jump Oriented
   Programming attacks.

Both provide CET Shadow Stack compatible mitigations to these issues.  A
practical consequence of this decision is that CET Shadow Stacks are now
considered security supported, upgraded from Tech Preview previously.

Note: CET-IBT patches are incomplete and will be backported at a later date.

MITIGATION
==========

On AMD systems, CVE-2021-26401 can be mitigated by specifying:

 With CET-SS,    `spec-ctrl=bti-thunk=jmp,ibrs`
 Without CET-SS, `spec-ctrl=bti-thunk=retpoline`

on Xen's command line, and rebooting.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa398/xsa398-*.patch           xen-unstable
xsa398/xsa398-4.16-*.patch      Xen 4.16.x
xsa398/xsa398-4.15-*.patch      Xen 4.15.x
xsa398/xsa398-4.14-*.patch      Xen 4.14.x
xsa398/xsa398-4.13-*.patch      Xen 4.13.x
xsa398/xsa398-4.12-*.patch      Xen 4.12.x

$ sha256sum xsa398* xsa398*/*
9219c48d103a7eeda0fa9cbb5fc5b2265713589e29a9a483d0f3fb6523859903  xsa398.meta
32e7a7627609de2273fe474979e339f6a578cbcf7ce007b6a047954a31aec135  xsa398/xsa398-1-xen-arm-Introduce-new-Arm-processors.patch
ef701fd64cfdd838299391cd736749db70ac3b18251d17768d42f4a610dda1be  xsa398/xsa398-2-xen-arm-move-errata-CSV2-check-earlier.patch
4d574bc40555f068608a595ade23ecdc224f8c0af86f447cba6e765d4ccde3ad  xsa398/xsa398-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
29a2880ab4fa492deecd2f3dc590609d0df5e9210565ab4121be0d731c4140b0  xsa398/xsa398-4.12-1-xen-arm-Introduce-new-Arm-processors.patch
b81eb6a0f8ecde53318eeff1ec8bf1b3fd5f1b211a499317f6c596e831a90101  xsa398/xsa398-4.12-2-xen-arm-move-errata-CSV2-check-earlier.patch
a9f5adc44eeeaf5a694f94c91a32e714c765bbcf61066a03e3c52d79d28a3366  xsa398/xsa398-4.12-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
e70d4c06f789c8f5f45c7e27289f8c7aa4c448a6e33f67fb113630ed79382fd9  xsa398/xsa398-4.12-4-xen-arm-Add-Spectre-BHB-handling.patch
6766c0b0d89f3be90046c05358e8b7c43c87b3e1012118af013faa098e783e74  xsa398/xsa398-4.12-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
fd047878fd53e130cd7d8cfd1d50334a958e7e962606afaacd5aa1da186f6341  xsa398/xsa398-4.12-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
1ef4fae89d2bc75e33eb6c8e5f55d0b6f5ba45a274f6d3b5ea7e2eef4c08ad63  xsa398/xsa398-4.13-1-xen-arm-Introduce-new-Arm-processors.patch
b0c25a34055dd5401dff1686f4f7ab978c6a449a76aa0e1b369f483fa184851a  xsa398/xsa398-4.13-2-xen-arm-move-errata-CSV2-check-earlier.patch
c6ffa2818480740dc30e232215531ab69c252e564df365c466e759886b207450  xsa398/xsa398-4.13-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
a272621b1f03b2096a41d675b3ed46ff2c737cd2afcb3e2156a7ec2f8c31748b  xsa398/xsa398-4.13-4-xen-arm-Add-Spectre-BHB-handling.patch
8df9f4d3e7bd154246ebe7cd1bc0908ead1076aa35c0a183cd95359aa2173ad0  xsa398/xsa398-4.13-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
02c3a3c45bf3c2592bbc809ce4a8eb24d0b9d31856e9641d5566af68ebf2b476  xsa398/xsa398-4.13-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
59edd0b8303a39451893d425b8e7ab8aeacf3e6d0bf460ba66a3a323dc0e3145  xsa398/xsa398-4.14-1-xen-arm-Introduce-new-Arm-processors.patch
60bd3003759404b60fd8a7dcf0de87a13463bf64c3724f8fe6570e07c515cecb  xsa398/xsa398-4.14-2-xen-arm-move-errata-CSV2-check-earlier.patch
138511c69d00ef1dc0dfe5432af06d744e7b66945bada78024e343943fc001f2  xsa398/xsa398-4.14-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
9c1b338511422629c98f11c42da27b1cd82435decc0531bca6b8a51218909101  xsa398/xsa398-4.14-4-xen-arm-Add-Spectre-BHB-handling.patch
1a212de641ac1cebfc1aee32c55e9f8bfac6b059f5419ed62589eed99cc0dea5  xsa398/xsa398-4.14-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
da382a5baee60ecdf8b4cb0da2c1901b23f324b03dbbe33018fb825e70f78446  xsa398/xsa398-4.14-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
296e5fdd53328e768908a4e790959841264a410548b4f52f7ccdcf793e9aca7a  xsa398/xsa398-4.15-1-xen-arm-Introduce-new-Arm-processors.patch
4498957a1f91c69e2a72cfcfb88804537ee0c05f05fa5d898f452a4dc8205f9e  xsa398/xsa398-4.15-2-xen-arm-move-errata-CSV2-check-earlier.patch
2f2b9ec3945283e48486cfd32d5b4343892040d48adc105a89e15953a128df3d  xsa398/xsa398-4.15-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
6d0ade4dfb59fc87c7ae22e4faa333fb5ccef5ecc595de58ef9bcf35f4e3eb26  xsa398/xsa398-4.15-4-xen-arm-Add-Spectre-BHB-handling.patch
77a0a93cd9617c8f0ec0bab1b79f6ed60cab20f5b6ea76a9b6158c4d3a1d0d89  xsa398/xsa398-4.15-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
7df5b320c5887c72c8ed4ffe5b4bcdce9263fde76fe6a67e0876933f8d1ebcff  xsa398/xsa398-4.15-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
92bdba8102f88a2c9d71b46df4db43176fbf0082f9d438101407dbb7e6d458c6  xsa398/xsa398-4.16-1-xen-arm-Introduce-new-Arm-processors.patch
0c9a6fbebc13a0dee288d67a94562fd76e3c6aec20b543c66ac2c16a812973ee  xsa398/xsa398-4.16-2-xen-arm-move-errata-CSV2-check-earlier.patch
4f084857ed79af49d2814c02ff6e090a14d77bb0f0d29ac6ddce3576fdb98c68  xsa398/xsa398-4.16-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
8032757effe8dbc5ef8479403461e604b1520f007489620eace3857b467a4fe2  xsa398/xsa398-4.16-4-xen-arm-Add-Spectre-BHB-handling.patch
3763998bb62d9b251b9358edff220fd22847729768c98dbd46362c290041025b  xsa398/xsa398-4.16-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
114f07da2d79f45e0fa45c826c308b273e8c29b6d458bac10fe1aa231a3c2748  xsa398/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
1bedca674ecee5437e492e2f71275cd32e799d839d26a8f0d75ddee44db2e4d2  xsa398/xsa398-4-xen-arm-Add-Spectre-BHB-handling.patch
6d63089af3eca863599bbe20e26f1f12d2d9c9b637317e7af44fc59750b09f77  xsa398/xsa398-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
f79e357079744bbee3e1f7d99d93196e925739297a16fdd8bc1cc86d3b846ce3  xsa398/xsa398-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmInnKUMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ6XQIAIpVmnShgCYyb51BWYzZJ1yG2elg2sVPByc7NF2C
5VcIVOpE3QHRxmJzMIM01peHrfIbY61ZFfD76pKaBaSxUjkvWII+9Q7Qir+q9I4+
X6Kwmf7pbjX2AsFR08TQoYyNMWKFwf0fhc4AK0BtDe83FuEu0wg3EY0sThzS32jf
WcBSVf29KOlh7dVEbBHKQsaGGjVJsgdloIK3z8XX4ACRpku+eUrl/7O7lJBtT0Zo
BxBPObMteh9IA3Pt0UqHqB8XZWLP95XDAq/FvLGts/EqxxKQAlfIm9hN8MJeDQUl
4Sh0dAE1Ab2eGdQSl5OeqXdvs+ZTBqlDbbLD/grIfJcYHUg=
=qv9D
-----END PGP SIGNATURE-----
Comment 1 Gianluca Gabrielli 2022-03-09 08:13:15 UTC
Created attachment 856866 [details]
Upstream patches
Comment 2 Marcus Meissner 2022-03-09 13:50:08 UTC
dup of bug 1196915

*** This bug has been marked as a duplicate of bug 1196915 ***
Comment 3 Swamp Workflow Management 2022-04-14 10:23:25 UTC
SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2022-05-12 19:17:56 UTC
SUSE-SU-2022:1651-1: An update that solves 13 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1196657,1196901,1197075,1197343,1197663,1197888,1197914,1198217,1198228,1198400,1198413,1198516,1198660,1198687,1198742,1198825,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-23960,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.97.1, kernel-source-azure-4.12.14-16.97.1, kernel-syms-azure-4.12.14-16.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-07-12 22:17:14 UTC
SUSE-SU-2022:2376-1: An update that solves 9 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1199487,1199489,1199657,1200217,1200263,1200442,1200571,1200599,1200600,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.69.1, kernel-source-azure-5.3.18-150300.38.69.1, kernel-syms-azure-5.3.18-150300.38.69.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.69.1, kernel-source-azure-5.3.18-150300.38.69.1, kernel-syms-azure-5.3.18-150300.38.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-07-13 13:22:22 UTC
SUSE-SU-2022:2379-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1066618,1146519,1194013,1196901,1199487,1199657,1200571,1200604,1200605,1200619,1200692,1201050,1201080
CVE References: CVE-2017-16525,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.178.1, kernel-source-4.4.121-92.178.1, kernel-syms-4.4.121-92.178.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-07-14 13:21:04 UTC
SUSE-SU-2022:2393-1: An update that solves 21 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1158266,1162338,1162369,1173871,1177282,1194013,1196901,1198577,1199426,1199487,1199507,1199657,1200059,1200143,1200144,1200249,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-4157,CVE-2022-1184,CVE-2022-1679,CVE-2022-1729,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kgraft-patch-SLE12-SP4_Update_28-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.102.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-07-15 13:18:36 UTC
SUSE-SU-2022:2407-1: An update that solves 15 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1177282,1194013,1196901,1199487,1199657,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251
CVE References: CVE-2020-26541,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.95.1, kernel-docs-4.12.14-150000.150.95.1, kernel-obs-build-4.12.14-150000.150.95.1, kernel-source-4.12.14-150000.150.95.1, kernel-syms-4.12.14-150000.150.95.1, kernel-vanilla-4.12.14-150000.150.95.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.95.1, kernel-docs-4.12.14-150000.150.95.1, kernel-obs-build-4.12.14-150000.150.95.1, kernel-source-4.12.14-150000.150.95.1, kernel-syms-4.12.14-150000.150.95.1, kernel-vanilla-4.12.14-150000.150.95.1, kernel-zfcpdump-4.12.14-150000.150.95.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.95.1, kernel-livepatch-SLE15_Update_31-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.95.1, kernel-docs-4.12.14-150000.150.95.1, kernel-obs-build-4.12.14-150000.150.95.1, kernel-source-4.12.14-150000.150.95.1, kernel-syms-4.12.14-150000.150.95.1, kernel-vanilla-4.12.14-150000.150.95.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.95.1, kernel-docs-4.12.14-150000.150.95.1, kernel-obs-build-4.12.14-150000.150.95.1, kernel-source-4.12.14-150000.150.95.1, kernel-syms-4.12.14-150000.150.95.1, kernel-vanilla-4.12.14-150000.150.95.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.95.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-07-15 16:18:25 UTC
SUSE-SU-2022:2411-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1194013,1196901,1199487,1199657,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.117.1, kernel-default-4.12.14-150100.197.117.1, kernel-kvmsmall-4.12.14-150100.197.117.1, kernel-vanilla-4.12.14-150100.197.117.1, kernel-zfcpdump-4.12.14-150100.197.117.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.117.1, kernel-default-4.12.14-150100.197.117.1, kernel-kvmsmall-4.12.14-150100.197.117.1, kernel-vanilla-4.12.14-150100.197.117.1, kernel-zfcpdump-4.12.14-150100.197.117.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1, kernel-zfcpdump-4.12.14-150100.197.117.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.117.1, kernel-livepatch-SLE15-SP1_Update_32-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.117.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.117.1, kernel-docs-4.12.14-150100.197.117.1, kernel-obs-build-4.12.14-150100.197.117.1, kernel-source-4.12.14-150100.197.117.1, kernel-syms-4.12.14-150100.197.117.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-07-18 10:17:15 UTC
SUSE-SU-2022:2423-1: An update that solves 9 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1194013,1195775,1196901,1197362,1199487,1199489,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1201050,1201080
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-livepatch-SLE15-SP2_Update_28-1-150200.5.5.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.120.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.120.1, kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2, kernel-docs-5.3.18-150200.24.120.1, kernel-obs-build-5.3.18-150200.24.120.1, kernel-preempt-5.3.18-150200.24.120.1, kernel-source-5.3.18-150200.24.120.1, kernel-syms-5.3.18-150200.24.120.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-07-18 10:20:07 UTC
SUSE-SU-2022:2424-1: An update that solves 10 vulnerabilities, contains one feature and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-15442
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.96.1, kernel-rt_debug-5.3.18-150300.96.1, kernel-source-rt-5.3.18-150300.96.1, kernel-syms-rt-5.3.18-150300.96.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.96.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-07-18 10:26:31 UTC
SUSE-SU-2022:2422-1: An update that solves 11 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.81.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.81.1, kernel-64kb-5.3.18-150300.59.81.1, kernel-debug-5.3.18-150300.59.81.1, kernel-default-5.3.18-150300.59.81.1, kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2, kernel-docs-5.3.18-150300.59.81.1, kernel-kvmsmall-5.3.18-150300.59.81.1, kernel-obs-build-5.3.18-150300.59.81.1, kernel-obs-qa-5.3.18-150300.59.81.1, kernel-preempt-5.3.18-150300.59.81.1, kernel-source-5.3.18-150300.59.81.1, kernel-syms-5.3.18-150300.59.81.1, kernel-zfcpdump-5.3.18-150300.59.81.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.81.1, kernel-preempt-5.3.18-150300.59.81.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.81.1, kernel-livepatch-SLE15-SP3_Update_21-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.81.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.81.1, kernel-obs-build-5.3.18-150300.59.81.1, kernel-preempt-5.3.18-150300.59.81.1, kernel-source-5.3.18-150300.59.81.1, kernel-syms-5.3.18-150300.59.81.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.81.1, kernel-default-5.3.18-150300.59.81.1, kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2, kernel-preempt-5.3.18-150300.59.81.1, kernel-source-5.3.18-150300.59.81.1, kernel-zfcpdump-5.3.18-150300.59.81.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.81.1, kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.81.1, kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.81.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-07-21 13:18:56 UTC
SUSE-SU-2022:2478-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1066618,1146519,1194013,1196901,1199487,1199657,1200571,1200604,1200605,1200619,1200692,1201050,1201080
CVE References: CVE-2017-16525,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.167.1, kernel-source-4.4.180-94.167.1, kernel-syms-4.4.180-94.167.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-07-21 22:29:46 UTC
SUSE-SU-2022:2520-1: An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.11.1, kernel-64kb-5.14.21-150400.24.11.1, kernel-debug-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-docs-5.14.21-150400.24.11.1, kernel-kvmsmall-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-obs-qa-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1, kernel-livepatch-SLE15-SP4_Update_1-1-150400.9.5.3
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-source-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-07-26 16:20:46 UTC
SUSE-SU-2022:2549-1: An update that solves 11 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.87.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.87.1, kernel-64kb-5.3.18-150300.59.87.1, kernel-debug-5.3.18-150300.59.87.1, kernel-default-5.3.18-150300.59.87.1, kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2, kernel-docs-5.3.18-150300.59.87.1, kernel-kvmsmall-5.3.18-150300.59.87.1, kernel-obs-build-5.3.18-150300.59.87.1, kernel-obs-qa-5.3.18-150300.59.87.1, kernel-preempt-5.3.18-150300.59.87.1, kernel-source-5.3.18-150300.59.87.1, kernel-syms-5.3.18-150300.59.87.1, kernel-zfcpdump-5.3.18-150300.59.87.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.87.1, kernel-preempt-5.3.18-150300.59.87.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.87.1, kernel-livepatch-SLE15-SP3_Update_22-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.87.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.87.1, kernel-obs-build-5.3.18-150300.59.87.1, kernel-preempt-5.3.18-150300.59.87.1, kernel-source-5.3.18-150300.59.87.1, kernel-syms-5.3.18-150300.59.87.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.87.1, kernel-default-5.3.18-150300.59.87.1, kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2, kernel-preempt-5.3.18-150300.59.87.1, kernel-source-5.3.18-150300.59.87.1, kernel-zfcpdump-5.3.18-150300.59.87.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.87.1, kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.87.1, kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.87.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-08-01 13:31:32 UTC
SUSE-SU-2022:2615-1: An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200572,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200815,1200816,1200820,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,150300
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-08-02 19:17:33 UTC
SUSE-SU-2022:2629-1: An update that solves 33 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1177282,1188885,1194013,1194124,1196426,1196570,1196901,1196964,1197170,1197219,1197601,1198438,1198577,1198866,1198899,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199482,1199487,1199505,1199507,1199526,1199605,1199631,1199650,1199657,1199671,1199839,1200015,1200045,1200143,1200144,1200173,1200249,1200343,1200549,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200762,1200806,1200807,1200809,1200810,1200813,1200820,1200821,1200822,1200829,1200868,1200869,1200870,1200871,1200872,1200873,1200925,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-33061,CVE-2021-39711,CVE-2021-4157,CVE-2022-1012,CVE-2022-1184,CVE-2022-1652,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1836,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.94.1, kernel-rt_debug-4.12.14-10.94.1, kernel-source-rt-4.12.14-10.94.1, kernel-syms-rt-4.12.14-10.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-08-15 22:17:54 UTC
SUSE-SU-2022:2809-1: An update that solves 22 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1114648,1194013,1195478,1195775,1196472,1196901,1197362,1198829,1199487,1199489,1199647,1199648,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1200905,1200910,1201050,1201080,1201251,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201742,1201752,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2021-4157,CVE-2022-1116,CVE-2022-1462,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-livepatch-SLE15-SP2_Update_29-1-150200.5.5.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2022-09-01 13:58:29 UTC
openSUSE-SU-2022:2549-1: An update that solves 11 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.87.1, kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
Comment 20 Swamp Workflow Management 2022-09-01 14:10:38 UTC
openSUSE-SU-2022:2422-1: An update that solves 11 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.81.1, kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2
Comment 21 Swamp Workflow Management 2022-09-01 14:58:33 UTC
SUSE-SU-2022:2424-2: An update that solves 10 vulnerabilities, contains one feature and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222
CVE References: CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-15442
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.