Bug 1215420 (CVE-2023-4244)

Summary: VUL-0: CVE-2023-4244: kernel-source-rt,kernel-source-azure,kernel-source: netfilter: nf_tables UAF
Product: [Novell Products] SUSE Security Incidents Reporter: Carlos López <carlos.lopez>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P1 - Urgent CC: ali.abdallah, denis.kirjanov, firo.yang, hare, hvdheuvel, jkosina, lidong.zhong, meissner, mhocko, mkoutny, mkubecek, mpdesouza, rfrohl, security-team, tabraham
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/377517/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1214727
Whiteboard: CVSSv3.1:SUSE:CVE-2023-4244:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1215424    
Attachments: 0001-netfilter-implement-reference-counting-for-nft_sets.patch
0002-netfilter-take-a-reference-when-looking-up-nft_sets.patch
nft set test

Description Carlos López 2023-09-18 07:51:40 UTC 
CVE-2023-4244

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
component can be exploited to achieve local privilege escalation.

Due to a race condition between nf_tables netlink control plane transaction and
nft_set element garbage collection, it is possible to underflow the reference
counter causing a use-after-free vulnerability.

We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4244
https://bugzilla.redhat.com/show_bug.cgi?id=2235306
https://bugzilla.redhat.com/show_bug.cgi?id=2237755
https://www.cve.org/CVERecord?id=CVE-2023-4244
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
Comment 1 Marcus Meissner 2023-09-18 12:10:11 UTC 
dup of bug 1214727 likely.

can you add this CVE to all the references please as this is now the primary CVE.
Comment 9 Michal Kubeček 2023-12-04 21:03:10 UTC 
bsc#1214727 bsc#1215420 CVE-2023-4563 CVE-2023-4244

introduced      cfed7e1b1f8e    4.1-rc1
fixed           5f68718b34a5    6.5-rc6

SLE15-SP6       6.4.11
SLE15-SP4       7ff6f04055b9    (merged)
cve/linux-5.3   *
cve/linux-4.12  *
cve/linux-4.4   *

The backports into 5.3, 4.12 and 4.4 based branches will be more tricky
because of significant rewrites of the nftables code (not to mention that
even the 5.14 backport required 5 follow-up patches and a kabi hack).
Comment 18 Maintenance Automation 2023-12-12 16:30:03 UTC 
SUSE-SU-2023:4732-1: An update that solves 15 vulnerabilities, contains three features and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1207948, 1210447, 1212649, 1214286, 1214700, 1214840, 1214976, 1215095, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216621, 1216687, 1216693, 1216759, 1216761, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-3777, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46813, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1, kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Maintenance Automation 2023-12-12 16:30:14 UTC 
SUSE-SU-2023:4731-1: An update that solves 12 vulnerabilities, contains three features and has 28 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1189998, 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216761, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.62.1, kernel-syms-rt-5.14.21-150400.15.62.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_16-1-150400.1.3.1
SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.62.1, kernel-syms-rt-5.14.21-150400.15.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Maintenance Automation 2023-12-12 16:30:32 UTC 
SUSE-SU-2023:4734-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Maintenance Automation 2023-12-12 16:30:48 UTC 
SUSE-SU-2023:4730-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-5.14.21-150500.55.39.1, kernel-source-5.14.21-150500.55.39.1, kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1, kernel-obs-build-5.14.21-150500.55.39.1, kernel-obs-qa-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-syms-5.14.21-150500.55.39.1, kernel-obs-build-5.14.21-150500.55.39.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2023-12-13 16:30:48 UTC 
SUSE-SU-2023:4782-1: An update that solves 12 vulnerabilities, contains three features and has 25 security fixes can now be installed.

Category: security (important)
Bug References: 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.75.1, kernel-syms-azure-5.14.21-150400.14.75.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.75.1, kernel-syms-azure-5.14.21-150400.14.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Maintenance Automation 2023-12-13 20:30:33 UTC 
SUSE-SU-2023:4810-1: An update that solves 12 vulnerabilities, contains three features and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.100.1, kernel-obs-build-5.14.21-150400.24.100.2, kernel-syms-5.14.21-150400.24.100.1, kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2, kernel-source-5.14.21-150400.24.100.2, kernel-livepatch-SLE15-SP4_Update_21-1-150400.9.3.2
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2, kernel-source-5.14.21-150400.24.100.2
Development Tools Module 15-SP4 (src): kernel-source-5.14.21-150400.24.100.2, kernel-obs-build-5.14.21-150400.24.100.2, kernel-syms-5.14.21-150400.24.100.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_21-1-150400.9.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Denis Kirjanov 2024-04-05 08:25:29 UTC 
Should be done next week. It taken time since we have CVEs flood
Comment 64 Hannes Reinecke 2024-06-04 14:14:23 UTC 
So, here's the plan:
a) Detail out what the real issue is (ie how the vuln comes about).
  The commit details are ever so sketchy, so it would be good to have something
  with the actual function names etc.
b) Check if this scenario still applies for a 4.4 based kernel.
c) See if we can come up with a simpler solution for a 4.4 based kernel, seeing
   that most of the infrastructure for the upstream fix is not available.

Michal, can you give us a hand with a) ?
Comment 69 Hannes Reinecke 2024-06-07 14:32:05 UTC 
Created attachment 875370 [details]
0001-netfilter-implement-reference-counting-for-nft_sets.patch

netfilter: implement reference counting for nft_sets
Comment 70 Hannes Reinecke 2024-06-07 14:33:06 UTC 
Created attachment 875371 [details]
0002-netfilter-take-a-reference-when-looking-up-nft_sets.patch

netfilter: take a reference when looking up nft_sets.
Comment 71 Hannes Reinecke 2024-06-07 14:34:25 UTC 
A slightly different approach: There actually is a hole in the nft_set structure due to cacheline alignment, so we can shove in a reference counter there.
And if we now take a reference everytime we're looking up a nft_set (and releasing it afterwards) we should be insulated against UAFs.

Michal, what do you think?
Comment 73 Maintenance Automation 2024-06-12 20:31:33 UTC 
SUSE-SU-2024:2010-1: An update that solves 186 vulnerabilities and has 27 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185589, 1185902, 1186885, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223626, 1223715, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34219](https://smelt.suse.de/incident/34219/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 75 Jiri Kosina 2024-06-14 13:36:39 UTC 
(In reply to Hannes Reinecke from comment #70)
> Created attachment 875371 [details]
> 0002-netfilter-take-a-reference-when-looking-up-nft_sets.patch
> 
> netfilter: take a reference when looking up nft_sets.

What is the result of this patch? Was it at least functionality-tested against regression?
Comment 77 Hannes Reinecke 2024-06-19 15:02:45 UTC 
Denis, can you setup a simple testbed for netfilters to check the patch?
Comment 78 Denis Kirjanov 2024-06-20 07:45:44 UTC 
(In reply to Hannes Reinecke from comment #77)
> Denis, can you setup a simple testbed for netfilters to check the patch?

Sure, going to test it shortly
Comment 79 Maintenance Automation 2024-06-24 20:31:25 UTC 
SUSE-SU-2024:2183-1: An update that solves 131 vulnerabilities and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1154353, 1156395, 1174585, 1176869, 1184631, 1185589, 1185902, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1196956, 1200619, 1208813, 1209657, 1210335, 1210629, 1215356, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221829, 1222251, 1222619, 1223084, 1223384, 1223390, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224831, 1224832, 1224834, 1224841, 1224843, 1224846, 1224849, 1224854, 1224859, 1224882, 1224888, 1224889, 1224891, 1224892, 1224893, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224928, 1224953, 1224954, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225084, 1225091, 1225112, 1225113, 1225140, 1225143, 1225164, 1225177, 1225181, 1225192, 1225193, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225232, 1225238, 1225244, 1225251, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225318, 1225321, 1225326, 1225327, 1225328, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225393, 1225400, 1225404, 1225411, 1225427, 1225437, 1225448, 1225453, 1225455, 1225499, 1225500, 1225534
CVE References: CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47236, CVE-2021-47239, CVE-2021-47240, CVE-2021-47246, CVE-2021-47252, CVE-2021-47254, CVE-2021-47255, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47338, CVE-2021-47341, CVE-2021-47344, CVE-2021-47347, CVE-2021-47350, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47388, CVE-2021-47391, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47431, CVE-2021-47434, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47445, CVE-2021-47456, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47505, CVE-2021-47506, CVE-2021-47511, CVE-2021-47516, CVE-2021-47522, CVE-2021-47527, CVE-2021-47538, CVE-2021-47541, CVE-2021-47542, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-20132, CVE-2022-48673, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-424, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34159](https://smelt.suse.de/incident/34159/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_49-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 80 Maintenance Automation 2024-06-24 20:32:01 UTC 
SUSE-SU-2024:2185-1: An update that solves 187 vulnerabilities and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185570, 1185589, 1185902, 1186885, 1187357, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-424, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34168](https://smelt.suse.de/incident/34168/)
Sources used:
openSUSE Leap 15.3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-syms-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1, kernel-source-5.3.18-150300.59.164.1, kernel-obs-qa-5.3.18-150300.59.164.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Enterprise Storage 7.1 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 87 Denis Kirjanov 2024-07-02 09:11:53 UTC 
Created attachment 875824 [details]
nft set test
Comment 88 Denis Kirjanov 2024-07-03 11:27:58 UTC 
(In reply to Denis Kirjanov from comment #87)
> Created attachment 875824 [details]
> nft set test

Pushed to cve/4.4
Comment 99 Maintenance Automation 2024-07-16 08:30:21 UTC 
SUSE-SU-2024:2493-1: An update that solves 28 vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1215420, 1220833, 1221656, 1221659, 1222005, 1222792, 1223021, 1223188, 1224622, 1224627, 1224647, 1224683, 1224686, 1224743, 1224965, 1225229, 1225357, 1225431, 1225478, 1225505, 1225530, 1225532, 1225569, 1225593, 1225835, 1226757, 1226861, 1226994, 1227407, 1227435, 1227487
CVE References: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34763](https://smelt.suse.de/incident/34763/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-syms-rt-4.12.14-10.194.1, kernel-source-rt-4.12.14-10.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 100 Maintenance Automation 2024-07-18 16:30:10 UTC 
SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 101 Maintenance Automation 2024-07-18 16:34:57 UTC 
SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.