Bug 1213286 (CVE-2023-20593)

Summary: VUL-0: CVE-2023-20593: kernel,kernel-firmware: AMD CPU: "ZenBleed": VZEROUPPER does not clear upper bits under certain conditions
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: Andreas.Stieger, ddavis, jslaby, logan.vance, meissner, mhocko, mjambor, mkoutny, nik.borisov, osalvador, roger.whittaker, tiwai, vbabka
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372384/
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 1 Marcus Meissner 2023-07-13 10:59:07 UTC
CRD: 2023-08-08
Comment 2 Nikolay Borisov 2023-07-18 10:49:21 UTC
Which kernels does this have to be backported to? The affected CPUs are:

> AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
> AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
> AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));

That's family 0x17 (zen/zen+/zen2) and the model ranges are described by the 2nd argument of the AMD_MODEL_RANGE macros.
Comment 20 Nikolay Borisov 2023-07-21 15:02:05 UTC
This is an official stance of Google, which was just mailed: 

> We intend to disclose Zenbleed early next week. We have not discussed this with
> AMD PSIRT yet, but we will do it now (after I finish sending this email 😄,
> once we hear back from them we can find out the exact day and time. We can
> provide a preview of the advisory to you folks if you want, but it's pretty much
> what you already saw.
Comment 21 Nikolay Borisov 2023-07-24 05:32:03 UTC
> We are on for Monday noon pacific time. https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8 will contain the initial advisory and some additional information will be posted to the repository.
Comment 23 Marcus Meissner 2023-07-24 07:27:25 UTC
CRD: 2023-07-24 19:00 UTC
Comment 27 Marcus Meissner 2023-07-24 14:36:59 UTC
is now public via oss-sec

Hello, this is CVE-2023-20593, a use-after-free in AMD Zen2 processors.

Yes, you read that right :)

This includes at least the following products:

- AMD Ryzen 3000 Series Processors
- AMD Ryzen PRO 3000 Series Processors
- AMD Ryzen Threadripper 3000 Series Processors
- AMD Ryzen 4000 Series Processors with Radeon Graphics
- AMD Ryzen PRO 4000 Series Processors
- AMD Ryzen 5000 Series Processors with Radeon Graphics
- AMD Ryzen 7020 Series Processors with Radeon Graphics
- AMD EPYC 7002 Series Processors

I've written a blog post with a detailed description of this bug,
it's available here:

https://lock.cmpxchg8b.com/zenbleed.html

# Background

The vector register file (RF) is a resource shared among all tasks on
the same physical core. The register allocation table (RAT) keeps track
of how RF resources are assigned and mapped to named registers. However,
no RF space is needed to store a register with a zero value - a flag
called the z-bit can simply be set in the RAT.

# Vulnerability

If the z-bit is set speculatively, then it would not be sufficient to
unset it again on branch misprediction. That's because the previously
allocated RF space could have been reallocated between those two events.
That would effectively be a UaF.

We have discovered that this really can happen under certain specific
conditions. Specifically, an instruction that uses merge optimization, a
register rename, and a mispredicted VZEROUPPER instruction must enter
the FP backend simultaneously.

# Impact

The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.

It works across virtual machines and affects all operating systems.

I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in.

# Solution

AMD have released a patch for this issue available here:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b250b32ab1d044953af2dc5e790819a7703b7ee6

There is a software workaround, you can set the chicken bit DE_CFG[9].
This may have some performance cost, and the microcode update is
preferred.

It is not sufficient to disable SMT.

# Credit

This bug was discovered by Tavis Ormandy of Google Information Security.


-- 
 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger taviso@sdf.org
_\_V _( ) _( )  @taviso
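
The model ranges quoted in Comment 2 and the DE_CFG[9] workaround named in the advisory above can both be checked on a Linux host. The following C program is an added example, not code from this bug report, the kernel, or the advisory; its function names, the constructed sample cpuinfo text, the `/dev/cpu/N/msr` read path, and the MSR address 0xc0011029 (MSR_AMD64_DE_CFG in the Linux headers) are assumptions that do not appear on this page.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same argument order as AMD_MODEL_RANGE(family, model_start, stepping_start,
 * model_end, stepping_end) in the erratum table quoted in Comment 2. */
struct model_range { unsigned family, m_start, s_start, m_end, s_end; };
static const struct model_range zenbleed_ranges[] = {
    { 0x17, 0x30, 0x0, 0x4f, 0xf },
    { 0x17, 0x60, 0x0, 0x7f, 0xf },
    { 0x17, 0xa0, 0x0, 0xaf, 0xf },
};

/* Assumption from outside the page: DE_CFG is MSR 0xc0011029
 * (MSR_AMD64_DE_CFG in the Linux headers). Bit 9 is the page's chicken bit. */
#define MSR_DE_CFG     0xc0011029u
#define DE_CFG_FIX_BIT 9

/* 1 if (family, model, stepping) lies inside one of the listed ranges. */
int zenbleed_affected(unsigned family, unsigned model, unsigned stepping)
{
    unsigned ms = (model << 4) | (stepping & 0xf);
    for (size_t i = 0; i < sizeof zenbleed_ranges / sizeof zenbleed_ranges[0]; i++) {
        const struct model_range *r = &zenbleed_ranges[i];
        if (family == r->family && ms >= ((r->m_start << 4) | r->s_start) &&
            ms <= ((r->m_end << 4) | r->s_end))
            return 1;
    }
    return 0;
}

/* Numeric value of the first "key : value" line in /proc/cpuinfo text, or -1.
 * The key is compared whole, so "model" never matches "model name". */
long cpuinfo_field(const char *text, const char *key)
{
    size_t klen = strlen(key);
    while (text && *text) {
        const char *eol = strchr(text, '\n');
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        const char *colon = memchr(text, ':', len);
        const char *kend = colon;
        while (kend && kend > text && (kend[-1] == ' ' || kend[-1] == '\t'))
            kend--;
        if (kend && (size_t)(kend - text) == klen && !memcmp(text, key, klen))
            return strtol(colon + 1, NULL, 10);
        text = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* 1 if the cpuinfo text describes an AMD part inside the affected ranges. */
int cpuinfo_is_affected(const char *text)
{
    long fam = cpuinfo_field(text, "cpu family");
    long model = cpuinfo_field(text, "model");
    long step = cpuinfo_field(text, "stepping");
    if (!strstr(text, "AuthenticAMD") || fam < 0 || model < 0 || step < 0)
        return 0;
    return zenbleed_affected((unsigned)fam, (unsigned)model, (unsigned)step);
}

/* 1 if the DE_CFG[9] workaround bit is set in a raw MSR value. */
int de_cfg_workaround_set(uint64_t de_cfg) { return (int)((de_cfg >> DE_CFG_FIX_BIT) & 1); }

/* Read DE_CFG on one logical CPU via the Linux msr driver (root, modprobe msr). */
int read_de_cfg(int cpu, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, (off_t)MSR_DE_CFG, SEEK_SET) != (off_t)-1 &&
             read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed sample, trimmed to the fields the parser reads. */
static const char SAMPLE_CPUINFO[] =
    "vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 113\n"
    "model name\t: AMD Ryzen 7 3700X 8-Core Processor\nstepping\t: 0\n";

int main(void)
{
    static char buf[1 << 16];            /* zero-initialised, so always terminated */
    FILE *f = fopen("/proc/cpuinfo", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    const char *text = n ? buf : SAMPLE_CPUINFO;
    printf("in affected range: %s\n", cpuinfo_is_affected(text) ? "yes" : "no");
    uint64_t v;
    if (read_de_cfg(0, &v) == 0)
        printf("cpu0 DE_CFG[9]: %d\n", de_cfg_workaround_set(v));
    return 0;
}
```

DE_CFG is a per-core register, so a full audit repeats `read_de_cfg` for every logical CPU rather than only CPU 0.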
Comment 40 Jiri Slaby 2023-07-25 04:43:16 UTC
FWIW 522b1d69219d8f included in 6.4.6, pushed to stable.
Comment 48 Maintenance Automation 2023-07-26 16:47:09 UTC
SUSE-SU-2023:2986-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): kernel-firmware-20170530-21.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 51 Maintenance Automation 2023-07-27 12:48:15 UTC
SUSE-SU-2023:3001-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-firmware-20190618-5.28.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-firmware-20190618-5.28.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-firmware-20190618-5.28.1

Comment 53 Maintenance Automation 2023-07-27 16:30:13 UTC
SUSE-SU-2023:3006-1: An update that solves three vulnerabilities and has 60 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1173438, 1202716, 1205496, 1207617, 1207620, 1207629, 1207630, 1207633, 1207634, 1207653, 1208788, 1210584, 1210765, 1210766, 1210771, 1211867, 1212301, 1212657, 1212741, 1212835, 1212871, 1212905, 1212986, 1212987, 1212988, 1212989, 1212990, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213017, 1213018, 1213019, 1213020, 1213021, 1213022, 1213023, 1213024, 1213025, 1213032, 1213033, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213042, 1213059, 1213133, 1213215, 1213218, 1213221, 1213286, 1213344, 1213346, 1213525
CVE References: CVE-2023-20593, CVE-2023-2985, CVE-2023-35001
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.133.1, kernel-syms-rt-4.12.14-10.133.1

Comment 56 Maintenance Automation 2023-07-28 20:30:03 UTC
SUSE-SU-2023:3022-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
openSUSE Leap 15.4 (src): kernel-firmware-20220509-150400.4.19.1
openSUSE Leap Micro 5.3 (src): kernel-firmware-20220509-150400.4.19.1
openSUSE Leap Micro 5.4 (src): kernel-firmware-20220509-150400.4.19.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-firmware-20220509-150400.4.19.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-firmware-20220509-150400.4.19.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-firmware-20220509-150400.4.19.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-firmware-20220509-150400.4.19.1
Basesystem Module 15-SP4 (src): kernel-firmware-20220509-150400.4.19.1

Comment 57 Maintenance Automation 2023-07-28 20:30:09 UTC
SUSE-SU-2023:3020-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-firmware-20200107-150100.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-firmware-20200107-150100.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-firmware-20200107-150100.3.34.1
SUSE CaaS Platform 4.0 (src): kernel-firmware-20200107-150100.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-firmware-20200107-150100.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-firmware-20200107-150100.3.34.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-firmware-20200107-150100.3.34.1

Comment 58 Maintenance Automation 2023-07-28 20:30:11 UTC
SUSE-SU-2023:3019-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
openSUSE Leap 15.5 (src): kernel-firmware-20230724-150500.3.3.1
Basesystem Module 15-SP5 (src): kernel-firmware-20230724-150500.3.3.1

Comment 62 Maintenance Automation 2023-08-03 09:40:45 UTC
SUSE-SU-2023:3172-1: An update that solves seven vulnerabilities, contains two features and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1207894, 1208788, 1211243, 1211867, 1212256, 1212301, 1212525, 1212846, 1212905, 1213059, 1213061, 1213205, 1213206, 1213226, 1213233, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213286, 1213493, 1213523, 1213524, 1213533, 1213543, 1213705
CVE References: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812
Jira References: PED-4718, PED-4758
Sources used:
openSUSE Leap 15.5 (src): kernel-obs-qa-5.14.21-150500.55.12.1, kernel-source-5.14.21-150500.55.12.1, kernel-obs-build-5.14.21-150500.55.12.1, kernel-livepatch-SLE15-SP5_Update_2-1-150500.11.3.2, kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2, kernel-syms-5.14.21-150500.55.12.1
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.12.1, kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2
Development Tools Module 15-SP5 (src): kernel-obs-build-5.14.21-150500.55.12.1, kernel-source-5.14.21-150500.55.12.1, kernel-syms-5.14.21-150500.55.12.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_2-1-150500.11.3.2

Comment 63 Maintenance Automation 2023-08-03 09:41:15 UTC
SUSE-SU-2023:3171-1: An update that solves seven vulnerabilities and has 70 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1207894, 1208788, 1210565, 1210584, 1210853, 1211243, 1211811, 1211867, 1212301, 1212846, 1212905, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213134, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213286, 1213523, 1213524, 1213543, 1213705
CVE References: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812
Sources used:
openSUSE Leap 15.4 (src): kernel-source-5.14.21-150400.24.74.1, kernel-syms-5.14.21-150400.24.74.1, kernel-livepatch-SLE15-SP4_Update_15-1-150400.9.3.3, kernel-obs-qa-5.14.21-150400.24.74.1, kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3, kernel-obs-build-5.14.21-150400.24.74.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.74.1, kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.74.1, kernel-source-5.14.21-150400.24.74.1, kernel-obs-build-5.14.21-150400.24.74.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_15-1-150400.9.3.3

Comment 65 Maintenance Automation 2023-08-03 20:30:28 UTC
SUSE-SU-2023:3182-1: An update that solves nine vulnerabilities, contains one feature and has 70 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1207894, 1208788, 1210565, 1210584, 1210853, 1211243, 1211811, 1211867, 1212301, 1212846, 1212905, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213134, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213286, 1213523, 1213524, 1213543, 1213585, 1213586, 1213705
CVE References: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3611, CVE-2023-3812
Jira References: PED-4758
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.60.1, kernel-syms-azure-5.14.21-150400.14.60.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.60.1, kernel-syms-azure-5.14.21-150400.14.60.1

Comment 66 Maintenance Automation 2023-08-03 20:30:43 UTC
SUSE-SU-2023:3180-1: An update that solves seven vulnerabilities, contains two features and has 26 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1207894, 1208788, 1211243, 1211867, 1212256, 1212301, 1212525, 1212846, 1212905, 1213059, 1213061, 1213205, 1213206, 1213226, 1213233, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213286, 1213311, 1213493, 1213523, 1213524, 1213533, 1213543, 1213705
CVE References: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812
Jira References: PED-4718, PED-4758
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.11.1, kernel-syms-azure-5.14.21-150500.33.11.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.11.1, kernel-syms-azure-5.14.21-150500.33.11.1

Comment 72 Maintenance Automation 2023-08-07 16:30:31 UTC
SUSE-SU-2023:3206-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213286
CVE References: CVE-2023-20593
Sources used:
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Manager Proxy 4.2 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Manager Server 4.2 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Enterprise Storage 7.1 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-firmware-20210208-150300.4.13.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-firmware-20210208-150300.4.13.1

Comment 88 Maintenance Automation 2023-08-14 08:30:29 UTC
SUSE-SU-2023:3302-1: An update that solves 28 vulnerabilities, contains two features and has 115 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1187829, 1193629, 1194869, 1206418, 1207129, 1207894, 1207948, 1208788, 1210335, 1210565, 1210584, 1210627, 1210780, 1210825, 1210853, 1211014, 1211131, 1211243, 1211738, 1211811, 1211867, 1212051, 1212256, 1212265, 1212301, 1212445, 1212456, 1212502, 1212525, 1212603, 1212604, 1212685, 1212766, 1212835, 1212838, 1212842, 1212846, 1212848, 1212861, 1212869, 1212892, 1212901, 1212905, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134, 1213167, 1213205, 1213206, 1213226, 1213233, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213272, 1213286, 1213287, 1213304, 1213417, 1213493, 1213523, 1213524, 1213533, 1213543, 1213578, 1213585, 1213586, 1213588, 1213601, 1213620, 1213632, 1213653, 1213705, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871, 1213872
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-1829, CVE-2023-20569, CVE-2023-20593, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-2430, CVE-2023-2985, CVE-2023-3090, CVE-2023-31083, CVE-2023-3111, CVE-2023-3117, CVE-2023-31248, CVE-2023-3212, CVE-2023-3268, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-38409, CVE-2023-3863, CVE-2023-4004
Jira References: PED-4718, PED-4758
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1

Comment 89 Maintenance Automation 2023-08-15 12:30:24 UTC
SUSE-SU-2023:3318-1: An update that solves 20 vulnerabilities and has 89 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1206418, 1207129, 1207894, 1208788, 1210565, 1210584, 1210627, 1210780, 1210853, 1211131, 1211243, 1211738, 1211811, 1211867, 1212301, 1212502, 1212604, 1212846, 1212901, 1212905, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213134, 1213167, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213272, 1213286, 1213287, 1213304, 1213523, 1213524, 1213543, 1213585, 1213586, 1213588, 1213620, 1213653, 1213705, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-2985, CVE-2023-31083, CVE-2023-3117, CVE-2023-31248, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-4004
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-rt-5.14.21-150400.15.46.1, kernel-source-rt-5.14.21-150400.15.46.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_11-1-150400.1.5.1
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.46.1, kernel-source-rt-5.14.21-150400.15.46.1

Comment 90 Maintenance Automation 2023-08-16 08:31:36 UTC
SUSE-SU-2023:3324-1: An update that solves 14 vulnerabilities and has two fixes can now be installed.

Category: security (important)
Bug References: 1087082, 1126703, 1206418, 1207561, 1209779, 1210584, 1211738, 1211867, 1212502, 1213059, 1213167, 1213251, 1213286, 1213287, 1213585, 1213588
CVE References: CVE-2018-20784, CVE-2018-3639, CVE-2022-40982, CVE-2023-0459, CVE-2023-1637, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-3106, CVE-2023-3268, CVE-2023-35001, CVE-2023-3567, CVE-2023-3611, CVE-2023-3776
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): kernel-syms-4.4.121-92.208.1, kernel-source-4.4.121-92.208.1

Comment 91 Maintenance Automation 2023-08-16 12:30:06 UTC
SUSE-SU-2023:3333-1: An update that solves 13 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1087082, 1102851, 1205803, 1206418, 1211738, 1212128, 1212129, 1212154, 1212501, 1212502, 1213167, 1213286, 1213588
CVE References: CVE-2017-18344, CVE-2018-3639, CVE-2022-40982, CVE-2022-45919, CVE-2023-0459, CVE-2023-20593, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3567, CVE-2023-35824, CVE-2023-3776
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-syms-3.0.101-108.144.1, kernel-source-3.0.101-108.144.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-syms-3.0.101-108.144.1, kernel-source-3.0.101-108.144.1

Comment 92 Maintenance Automation 2023-08-17 16:30:16 UTC
SUSE-SU-2023:3349-1: An update that solves 11 vulnerabilities and has 74 fixes can now be installed.

Category: security (important)
Bug References: 1087082, 1150305, 1173438, 1188885, 1202670, 1202716, 1205496, 1206418, 1207526, 1207528, 1207561, 1207617, 1207620, 1207629, 1207630, 1207633, 1207634, 1207653, 1208788, 1210584, 1210765, 1210766, 1210771, 1211738, 1211867, 1212266, 1212301, 1212657, 1212741, 1212835, 1212871, 1212905, 1212986, 1212987, 1212988, 1212989, 1212990, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213017, 1213018, 1213019, 1213020, 1213021, 1213022, 1213023, 1213024, 1213025, 1213032, 1213033, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213042, 1213059, 1213133, 1213167, 1213215, 1213218, 1213221, 1213286, 1213287, 1213344, 1213346, 1213350, 1213525, 1213585, 1213586, 1213588, 1213705, 1213747, 1213766, 1213819, 1213823, 1213825, 1213827
CVE References: CVE-2018-3639, CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-azure-4.12.14-16.146.1, kernel-source-azure-4.12.14-16.146.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-azure-4.12.14-16.146.1, kernel-source-azure-4.12.14-16.146.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-azure-4.12.14-16.146.1, kernel-source-azure-4.12.14-16.146.1

Comment 93 Maintenance Automation 2023-08-23 16:30:06 UTC
SUSE-SU-2023:3392-1: An update that solves 13 vulnerabilities and has five fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207088, 1210584, 1211738, 1211867, 1212301, 1212741, 1212835, 1213059, 1213167, 1213286, 1213287, 1213546, 1213585, 1213586, 1213588, 1213970, 1214019
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-34319, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-4133, CVE-2023-4194
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_43-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-source-4.12.14-150100.197.154.1, kernel-syms-4.12.14-150100.197.154.1, kernel-obs-build-4.12.14-150100.197.154.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-source-4.12.14-150100.197.154.1, kernel-syms-4.12.14-150100.197.154.1, kernel-obs-build-4.12.14-150100.197.154.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-source-4.12.14-150100.197.154.1, kernel-syms-4.12.14-150100.197.154.1, kernel-obs-build-4.12.14-150100.197.154.1
SUSE CaaS Platform 4.0 (src): kernel-source-4.12.14-150100.197.154.1, kernel-syms-4.12.14-150100.197.154.1, kernel-obs-build-4.12.14-150100.197.154.1

Comment 94 Maintenance Automation 2023-08-23 16:30:14 UTC
SUSE-SU-2023:3390-1: An update that solves 16 vulnerabilities and has eight fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207088, 1209342, 1210584, 1211738, 1211867, 1212301, 1212741, 1212835, 1212846, 1213059, 1213167, 1213245, 1213286, 1213287, 1213354, 1213543, 1213546, 1213585, 1213586, 1213588, 1213868, 1213970, 1214019
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-3390, CVE-2023-34319, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-4133, CVE-2023-4194
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_39-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.160.2, kernel-syms-5.3.18-150200.24.160.1, kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2, kernel-source-5.3.18-150200.24.160.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.160.2, kernel-syms-5.3.18-150200.24.160.1, kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2, kernel-source-5.3.18-150200.24.160.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.160.2, kernel-syms-5.3.18-150200.24.160.1, kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2, kernel-source-5.3.18-150200.24.160.1

Comment 95 Maintenance Automation 2023-08-23 16:30:27 UTC
SUSE-SU-2023:3391-1: An update that solves 15 vulnerabilities, contains one feature and has nine fixes can now be installed.

Category: security (important)
Bug References: 1199304, 1206418, 1207270, 1210584, 1211131, 1211738, 1211867, 1212301, 1212741, 1212835, 1212846, 1213059, 1213061, 1213167, 1213245, 1213286, 1213287, 1213354, 1213543, 1213585, 1213586, 1213588, 1213653, 1213868
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2156, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812
Jira References: PED-4567
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_35-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.130.1, kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1, kernel-syms-5.3.18-150300.59.130.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.130.1, kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1, kernel-syms-5.3.18-150300.59.130.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-obs-build-5.3.18-150300.59.130.1, kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1, kernel-syms-5.3.18-150300.59.130.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.130.1, kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1, kernel-syms-5.3.18-150300.59.130.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1
SUSE Enterprise Storage 7.1 (src): kernel-obs-build-5.3.18-150300.59.130.1, kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1, kernel-source-5.3.18-150300.59.130.1, kernel-syms-5.3.18-150300.59.130.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1

Comment 96 Maintenance Automation 2023-08-24 12:31:11 UTC
SUSE-SU-2023:3421-1: An update that solves 15 vulnerabilities, contains one feature and has nine fixes can now be installed.

Category: security (important)
Bug References: 1199304, 1206418, 1207270, 1210584, 1211131, 1211738, 1211867, 1212301, 1212741, 1212835, 1212846, 1213059, 1213061, 1213167, 1213245, 1213286, 1213287, 1213354, 1213543, 1213585, 1213586, 1213588, 1213653, 1213868
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2156, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812
Jira References: PED-4567
Sources used:

Comment 101 Marcus Meissner 2024-01-24 10:15:06 UTC
released