Bug 1218836 (CVE-2023-46838)

Summary: VUL-0: CVE-2023-46838: kernel-source: netback processing of zero-length transmit fragment (XSA-448)
Product: [Novell Products] SUSE Security Incidents Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: cfontana, jlee, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/391284/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-46838:4.4:(AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 5 Gianluca Gabrielli 2024-01-23 08:48:24 UTC 
This is now public at https://seclists.org/oss-sec/2024/q1/38
--

ISSUE DESCRIPTION
=================

Transmit requests in Xen's virtual network protocol can consist of
multiple parts.  While not really useful, except for the initial part
any of them may be of zero length, i.e. carry no data at all.  Besides a
certain initial portion of the to be transferred data, these parts are
directly translated into what Linux calls SKB fragments.  Such converted
request parts can, when for a particular SKB they are all of length
zero, lead to a de-reference of NULL in core networking code.

IMPACT
======

An unprivileged guest can cause Denial of Service (DoS) of the host by
sending network packets to the backend, causing the backend to crash.

Data corruption or privilege escalation have not been ruled out.

VULNERABLE SYSTEMS
==================

All systems using a Linux based network backend with kernel 4.14 and
newer are vulnerable.  Earlier versions may also be vulnerable.  Systems
using other network backends are not known to be vulnerable.

MITIGATION
==========

Using a userspace PV network backend (e.g. the qemu based "qnic" backend)
will mitigate the problem.

Using a dedicated network driver domain per guest will mitigate the
problem.

CREDITS
=======

This issue was discovered by Pratyush Yadav of Amazon.
Comment 7 Jürgen Groß 2024-02-05 11:55:30 UTC 
Patch has been submitted to all relevant kernel branches.
Comment 33 Maintenance Automation 2024-02-14 16:30:09 UTC 
SUSE-SU-2024:0469-1: An update that solves 19 vulnerabilities, contains eight features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218713, 1218723, 1218730, 1218738, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_10-1-150500.11.5.1, kernel-source-rt-5.14.21-150500.13.35.1, kernel-syms-rt-5.14.21-150500.13.35.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_10-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.35.1, kernel-syms-rt-5.14.21-150500.13.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Maintenance Automation 2024-02-14 16:36:33 UTC 
SUSE-SU-2024:0468-1: An update that solves nine vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.162.1, kernel-syms-rt-4.12.14-10.162.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Maintenance Automation 2024-02-14 16:36:44 UTC 
SUSE-SU-2024:0463-1: An update that solves 14 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2024-02-14 20:30:06 UTC 
SUSE-SU-2024:0476-1: An update that solves 19 vulnerabilities and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1177529, 1209834, 1212091, 1215885, 1216016, 1216702, 1217217, 1217670, 1217895, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1218916, 1218929, 1218930, 1218968, 1219053, 1219120, 1219128, 1219349, 1219412, 1219429, 1219434, 1219490, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Sources used:
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_18-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Maintenance Automation 2024-02-14 20:30:18 UTC 
SUSE-SU-2024:0474-1: An update that solves 15 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1215275, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1
openSUSE Leap 15.3 (src): kernel-obs-qa-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-syms-5.3.18-150300.59.150.1, kernel-livepatch-SLE15-SP3_Update_41-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_41-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.150.1.150300.18.88.1, kernel-syms-5.3.18-150300.59.150.1, kernel-source-5.3.18-150300.59.150.1, kernel-obs-build-5.3.18-150300.59.150.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Maintenance Automation 2024-02-15 12:30:04 UTC 
SUSE-SU-2024:0478-1: An update that solves 15 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1193285, 1215275, 1216702, 1217987, 1217988, 1217989, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1219053, 1219120, 1219412, 1219434
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_45-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1, kernel-syms-5.3.18-150200.24.178.1, kernel-obs-build-5.3.18-150200.24.178.1, kernel-source-5.3.18-150200.24.178.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Maintenance Automation 2024-02-15 16:30:07 UTC 
SUSE-SU-2024:0484-1: An update that solves 15 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1217946, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219128, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6610, CVE-2024-0340, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_53-1-8.5.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.194.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Maintenance Automation 2024-02-15 16:30:17 UTC 
SUSE-SU-2024:0516-1: An update that solves 21 vulnerabilities, contains nine features and has 40 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218689, 1218713, 1218723, 1218730, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7618, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_10-1-150500.11.5.1, kernel-source-5.14.21-150500.55.49.1, kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2, kernel-obs-build-5.14.21-150500.55.49.1, kernel-syms-5.14.21-150500.55.49.1, kernel-obs-qa-5.14.21-150500.55.49.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.49.1, kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2
Development Tools Module 15-SP5 (src): kernel-obs-build-5.14.21-150500.55.49.1, kernel-source-5.14.21-150500.55.49.1, kernel-syms-5.14.21-150500.55.49.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_10-1-150500.11.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Maintenance Automation 2024-02-15 16:30:29 UTC 
SUSE-SU-2024:0515-1: An update that solves 20 vulnerabilities and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1177529, 1209834, 1212091, 1215275, 1215885, 1216016, 1216702, 1217217, 1217670, 1217895, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218804, 1218832, 1218836, 1218916, 1218929, 1218930, 1218968, 1219053, 1219120, 1219128, 1219349, 1219412, 1219429, 1219434, 1219490, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Sources used:
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1
SUSE Manager Proxy 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
SUSE Manager Server 4.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1
openSUSE Leap 15.4 (src): kernel-source-5.14.21-150400.24.108.1, kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-syms-5.14.21-150400.24.108.1, kernel-obs-qa-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-livepatch-SLE15-SP4_Update_23-1-150400.9.5.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_23-1-150400.9.5.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2, kernel-source-5.14.21-150400.24.108.1, kernel-obs-build-5.14.21-150400.24.108.1, kernel-syms-5.14.21-150400.24.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2024-02-15 16:30:40 UTC 
SUSE-SU-2024:0514-1: An update that solves 21 vulnerabilities, contains nine features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1141539, 1174649, 1181674, 1193285, 1194869, 1209834, 1210443, 1211515, 1212091, 1214377, 1215275, 1215885, 1216441, 1216559, 1216702, 1217895, 1217987, 1217988, 1217989, 1218005, 1218447, 1218527, 1218659, 1218689, 1218713, 1218723, 1218730, 1218738, 1218752, 1218757, 1218768, 1218778, 1218779, 1218804, 1218832, 1218836, 1218916, 1218948, 1218958, 1218968, 1218997, 1219006, 1219012, 1219013, 1219014, 1219053, 1219067, 1219120, 1219128, 1219136, 1219285, 1219349, 1219412, 1219429, 1219434, 1219490, 1219512, 1219568, 1219582, 1219608
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860
Jira References: PED-4729, PED-6694, PED-7322, PED-7615, PED-7616, PED-7618, PED-7620, PED-7622, PED-7623
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.34.1, kernel-syms-azure-5.14.21-150500.33.34.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.34.1, kernel-syms-azure-5.14.21-150500.33.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2024-02-15 16:32:23 UTC 
SUSE-SU-2024:0483-1: An update that solves 11 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219128, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2024-0340, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.168.1, kernel-syms-azure-4.12.14-16.168.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.