Bug 1218757 (CVE-2023-51782)

Summary:	VUL-0: CVE-2023-51782: kernel-source,kernel-source-azure,kernel-source-rt: use-after-free because of a rose_accept race condition
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	mkoutny, thomas.leroy
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/390911/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-51782:6.7:(AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-01-12 08:43:47 UTC

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51782
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8
https://www.cve.org/CVERecord?id=CVE-2023-51782
https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Comment 1 Thomas Leroy 2024-01-12 09:04:12 UTC

Kernel seems affected since 2.6, but afaics we build the module only in the following:
- stable
- cve/linux-3.0
- SLE15-SP4
- SLE15-SP6

However, stable, SLE15-SP4 and SLE15-SP6 already have the fix. So I think only cve/linux-3.0 remains affected.

Comment 2 Michal Koutný 2024-01-12 09:29:14 UTC

Reassigning to a concrete person to ensure progress [1] (feel free to pass to next one), see also the process at [2].

(In reply to Thomas Leroy from comment #1)
> Kernel seems affected since 2.6, but afaics we build the module only in the
> following:
> - stable
> - cve/linux-3.0
> - SLE15-SP4
> - SLE15-SP6

Curiously, I see that SLE15-SP3-LTSS also enables the module.

> However, stable, SLE15-SP4 and SLE15-SP6 already have the fix. So I think
> only cve/linux-3.0 remains affected.

On top of the config, there is also supported.conf that lists rose module as unsupported both in SLE11-SP4-LTSS and SLE15-SP3-LTSS.

This reminds me bug 1202660 (wontfix). Takashi, could you please review the same reasoning applies also here?

 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
[2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security

Comment 3 Thomas Leroy 2024-01-12 09:40:13 UTC

(In reply to Michal Koutný from comment #2)
> Curiously, I see that SLE15-SP3-LTSS also enables the module.

Since cve/linux-5.3 doesn't enable CONFIG_ROSE, checking the bases branches config is actually not enough here?


> On top of the config, there is also supported.conf that lists rose module as
> unsupported both in SLE11-SP4-LTSS and SLE15-SP3-LTSS.

I ignored that, thanks! That would mean wontfix for the only affected codestream

Comment 4 Takashi Iwai 2024-01-12 09:44:46 UTC

This one should be fine to apply to all branches including cve/linux-4.4 and cve/linux-4.12 and cve/linux-5.3, as the fix has been already merged in the upstream and it's trivial.  Even if the config is disabled in cve/*, they can be enabled in the inherited branches (e.g. SLE15-SP3-LTSS).

Other two unfixed (one was reverted) in the past were due to the lack of interests in both the reporter and the upstream maintainers.

BTW, SLE15-SP4 is gone now.  The security fix is tracked in the new cve/linux-5.14 branch from now on for SLE15-SP4-LTSS and SLE15-SP5.

Comment 5 Takashi Iwai 2024-01-12 10:09:52 UTC

The reference updated on SLE15-SP6 and cve/linux-5.14 branches.
The fix backported to cve/linux-5.3, cve/linux-4.12, cve/linux-4.4 and cve/linux-3.0 branches.

Reassigned back to security team.

Comment 35 Maintenance Automation 2024-02-14 16:30:09 UTC

SUSE-SU-2024:0469-1: An update that solves 19 vulnerabilities, contains eight features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218713, 1218723, 1218730, 1218738, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_10-1-150500.11.5.1, kernel-source-rt-5.14.21-150500.13.35.1, kernel-syms-rt-5.14.21-150500.13.35.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_10-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.35.1, kernel-syms-rt-5.14.21-150500.13.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Maintenance Automation 2024-02-14 16:36:33 UTC

SUSE-SU-2024:0468-1: An update that solves nine vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.162.1, kernel-syms-rt-4.12.14-10.162.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 37 Maintenance Automation 2024-02-14 16:36:43 UTC

SUSE-SU-2024:0463-1: An update that solves 14 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 38 Maintenance Automation 2024-02-14 20:30:04 UTC

SUSE-SU-2024:0476-1: An update that solves 19 vulnerabilities and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1177529, 1209834, 1212091, 1215885, 1216016, 1216702, 1217217, 1217670, 1217895, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1218916, 1218929, 1218930, 1218968, 1219053, 1219120, 1219128, 1219349, 1219412, 1219429, 1219434, 1219490, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Sources used:
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_18-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Maintenance Automation 2024-02-14 20:30:18 UTC

SUSE-SU-2024:0474-1: An update that solves 15 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1215275, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
openSUSE Leap 15.3 (src): kernel-obs-qa-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-syms-5.3.18-150300.59.150.1, kernel-livepatch-SLE15-SP3_Update_41-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_41-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Maintenance Automation 2024-02-15 12:30:04 UTC

SUSE-SU-2024:0478-1: An update that solves 15 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1215275, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_45-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 41 Maintenance Automation 2024-02-15 16:30:06 UTC

SUSE-SU-2024:0484-1: An update that solves 15 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1217946, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219128, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6610, CVE-2024-0340, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_53-1-8.5.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.194.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Maintenance Automation 2024-02-15 16:30:16 UTC

SUSE-SU-2024:0516-1: An update that solves 21 vulnerabilities, contains nine features and has 40 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218689, 1218713, 1218723, 1218730, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7618, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_10-1-150500.11.5.1, kernel-source-5.14.21-150500.55.49.1, kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2, kernel-obs-build-5.14.21-150500.55.49.1, kernel-syms-5.14.21-150500.55.49.1, kernel-obs-qa-5.14.21-150500.55.49.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.49.1, kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2
Development Tools Module 15-SP5 (src): kernel-obs-build-5.14.21-150500.55.49.1, kernel-source-5.14.21-150500.55.49.1, kernel-syms-5.14.21-150500.55.49.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_10-1-150500.11.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Maintenance Automation 2024-02-15 16:30:28 UTC

SUSE-SU-2024:0515-1: An update that solves 20 vulnerabilities and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1177529, 1209834, 1212091, 1215275, 1215885, 1216016, 1216702, 1217217, 1217670, 1217895, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1218916, 1218929, 1218930, 1218968, 1219053, 1219120, 1219128, 1219349, 1219412, 1219429, 1219434, 1219490, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Sources used:
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Manager Proxy 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
SUSE Manager Server 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
openSUSE Leap 15.4 (src): kernel-source-5.14.21-150400.24.108.1, kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-syms-5.14.21-150400.24.108.1, kernel-obs-qa-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-livepatch-SLE15-SP4_Update_23-1-150400.9.5.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_23-1-150400.9.5.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Maintenance Automation 2024-02-15 16:30:40 UTC

SUSE-SU-2024:0514-1: An update that solves 21 vulnerabilities, contains nine features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218689, 1218713, 1218723, 1218730, 1218738, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7618, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.34.1, kernel-syms-azure-5.14.21-150500.33.34.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.34.1, kernel-syms-azure-5.14.21-150500.33.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Maintenance Automation 2024-02-15 16:32:23 UTC

SUSE-SU-2024:0483-1: An update that solves 11 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219128, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2024-0340, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.