Bug 1225010 (CVE-2021-47311)

Summary:	VUL-0: CVE-2021-47311: kernel: net: qcom/emac: fix UAF in emac_remove
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Major
Priority:	P2 - High	CC:	camila.matos, jlee, meissner, mhocko
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/406946/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-47311:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	1227752

Description SMASH SMASH 2024-05-22 13:33:04 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: qcom/emac: fix UAF in emac_remove

adpt is netdev private data and it cannot be
used after free_netdev() call. Using adpt after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47311
https://www.cve.org/CVERecord?id=CVE-2021-47311
https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7
https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c
https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81
https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839
https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4
https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d
https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47311.mbox

Comment 1 Joey Lee 2024-05-23 04:58:14 UTC

joeyli@linux-691t:/mnt/working/source_code-git/kernel-source> ./scripts/check-kernel-fix CVE-2021-47311
ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove") merged v5.14-rc2~28^2~21
Fixes: 54e19bc74f33 ("net: qcom/emac: do not use devm on internal phy pdev") merged v4.9-rc1~127^2~37^2~2
Security fix for CVE-2021-47311 bsc#1225010 with CVSS 7
Experts candidates: tbogendoerfer@suse.de denis.kirjanov@suse.com 
..............................
ACTION NEEDED!
SLE12-SP3-LTSS: MANUAL: backport ad297cd2db8953e2202970e9504cab247b6c7cb4 (Fixes 54e19bc74f33)
SLE12-SP3-TD: MANUAL: backport ad297cd2db8953e2202970e9504cab247b6c7cb4 (Fixes 54e19bc74f33)
cve/linux-5.3-LTSS: MANUAL: backport ad297cd2db8953e2202970e9504cab247b6c7cb4 (Fixes 54e19bc74f33)

Comment 2 Joey Lee 2024-05-23 05:00:11 UTC

Hi Denis,

Because this is a issue for net. Could you please help to handle it?

If this is not in your area, just reset bug assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find other expert.

Thanks a lot!

Comment 8 Maintenance Automation 2024-06-11 08:30:35 UTC

SUSE-SU-2024:1979-1: An update that solves 180 vulnerabilities and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1220487, 1220854, 1220928, 1221044, 1221081, 1221086, 1221977, 1221994, 1222619, 1222627, 1222667, 1222671, 1222893, 1222894, 1223023, 1223046, 1223048, 1223084, 1223138, 1223207, 1223360, 1223384, 1223633, 1223653, 1223666, 1223671, 1223738, 1223752, 1223834, 1223922, 1223932, 1223948, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-47074, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48686, CVE-2022-48697, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-26625, CVE-2024-26752, CVE-2024-26775, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27059, CVE-2024-27062, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-35984, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34205](https://smelt.suse.de/incident/34205/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Maintenance Automation 2024-06-11 12:30:47 UTC

SUSE-SU-2024:1983-1: An update that solves 199 vulnerabilities and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1141539, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1197894, 1203935, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1218917, 1220487, 1220513, 1220854, 1220928, 1221044, 1221081, 1221086, 1221543, 1221545, 1221816, 1221977, 1221994, 1222559, 1222619, 1222627, 1222667, 1222671, 1222793, 1222893, 1222894, 1223023, 1223046, 1223048, 1223084, 1223119, 1223138, 1223207, 1223360, 1223384, 1223432, 1223509, 1223512, 1223539, 1223540, 1223626, 1223627, 1223633, 1223653, 1223666, 1223671, 1223712, 1223715, 1223738, 1223744, 1223752, 1223802, 1223819, 1223834, 1223922, 1223923, 1223931, 1223932, 1223948, 1223969, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224956, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-46955, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48636, CVE-2022-48650, CVE-2022-48672, CVE-2022-48686, CVE-2022-48697, CVE-2022-48702, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52646, CVE-2023-52653, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-0639, CVE-2024-26625, CVE-2024-26739, CVE-2024-26752, CVE-2024-26775, CVE-2024-26791, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26876, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27008, CVE-2024-27054, CVE-2024-27059, CVE-2024-27062, CVE-2024-27388, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-35984, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34218](https://smelt.suse.de/incident/34218/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-syms-rt-4.12.14-10.188.1, kernel-source-rt-4.12.14-10.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Maintenance Automation 2024-06-24 20:31:00 UTC

SUSE-SU-2024:2184-1: An update that solves 198 vulnerabilities and has 28 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1141539, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1197894, 1203935, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1218917, 1220487, 1220513, 1220854, 1220928, 1221044, 1221081, 1221086, 1221543, 1221545, 1221816, 1221977, 1221994, 1222559, 1222619, 1222627, 1222667, 1222671, 1222793, 1222893, 1222894, 1223023, 1223046, 1223048, 1223062, 1223084, 1223119, 1223138, 1223207, 1223360, 1223384, 1223432, 1223509, 1223512, 1223539, 1223540, 1223626, 1223627, 1223633, 1223653, 1223666, 1223671, 1223712, 1223715, 1223738, 1223744, 1223752, 1223802, 1223819, 1223834, 1223922, 1223923, 1223931, 1223932, 1223948, 1223969, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224956, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-46955, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48636, CVE-2022-48650, CVE-2022-48672, CVE-2022-48686, CVE-2022-48697, CVE-2022-48702, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52646, CVE-2023-52653, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-0639, CVE-2024-26625, CVE-2024-26739, CVE-2024-26752, CVE-2024-26775, CVE-2024-26791, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26876, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27008, CVE-2024-27054, CVE-2024-27059, CVE-2024-27062, CVE-2024-27388, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34269](https://smelt.suse.de/incident/34269/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_57-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.219.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Maintenance Automation 2024-07-09 16:30:15 UTC

SUSE-SU-2024:2365-1: An update that solves 38 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1171988, 1191958, 1195065, 1195254, 1202623, 1218148, 1219224, 1222015, 1223138, 1223384, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226563, 1226587, 1226595, 1226670, 1226672, 1226712, 1226732, 1226758, 1226786, 1226962
CVE References: CVE-2020-10135, CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47583, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48760, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26921, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560
Maintenance Incident: [SUSE:Maintenance:34559](https://smelt.suse.de/incident/34559/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_50-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-source-5.3.18-150200.24.197.1, kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1, kernel-syms-5.3.18-150200.24.197.1, kernel-obs-build-5.3.18-150200.24.197.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Maintenance Automation 2024-07-09 16:32:12 UTC

SUSE-SU-2024:2362-1: An update that solves 72 vulnerabilities and has 10 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1223384, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226758, 1226762, 1226786, 1226962
CVE References: CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560
Maintenance Incident: [SUSE:Maintenance:34562](https://smelt.suse.de/incident/34562/)
Sources used:
openSUSE Leap 15.3 (src):
 kernel-obs-build-5.3.18-150300.59.167.1, kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-source-5.3.18-150300.59.167.1, kernel-obs-qa-5.3.18-150300.59.167.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Enterprise Storage 7.1 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Maintenance Automation 2024-07-10 16:30:36 UTC

SUSE-SU-2024:2384-1: An update that solves 68 vulnerabilities and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226762, 1226785, 1226786, 1226962
CVE References: CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560
Maintenance Incident: [SUSE:Maintenance:34695](https://smelt.suse.de/incident/34695/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.175.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.175.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.175.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.