Bug 1226644 (CVE-2021-47618)

Summary: VUL-0: CVE-2021-47618: kernel: ARM: 9170/1: fix panic when kasan and kprobe are enabled
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: andrea.mattiazzo, gabriel.bertazi, ivan.ivanov, mbenes
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/411541/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47618:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-06-20 15:17:21 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ARM: 9170/1: fix panic when kasan and kprobe are enabled

arm32 uses software to simulate the instruction replaced
by kprobe. some instructions may be simulated by constructing
assembly functions. therefore, before executing instruction
simulation, it is necessary to construct assembly function
execution environment in C language through binding registers.
after kasan is enabled, the register binding relationship will
be destroyed, resulting in instruction simulation errors and
causing kernel panic.

the kprobe emulate instruction function is distributed in three
files: actions-common.c actions-arm.c actions-thumb.c, so disable
KASAN when compiling these files.

for example, use kprobe insert on cap_capable+20 after kasan
enabled, the cap_capable assembly code is as follows:
<cap_capable>:
e92d47f0	push	{r4, r5, r6, r7, r8, r9, sl, lr}
e1a05000	mov	r5, r0
e280006c	add	r0, r0, #108    ; 0x6c
e1a04001	mov	r4, r1
e1a06002	mov	r6, r2
e59fa090	ldr	sl, [pc, #144]  ;
ebfc7bf8	bl	c03aa4b4 <__asan_load4>
e595706c	ldr	r7, [r5, #108]  ; 0x6c
e2859014	add	r9, r5, #20
......
The emulate_ldr assembly code after enabling kasan is as follows:
c06f1384 <emulate_ldr>:
e92d47f0	push	{r4, r5, r6, r7, r8, r9, sl, lr}
e282803c	add	r8, r2, #60     ; 0x3c
e1a05000	mov	r5, r0
e7e37855	ubfx	r7, r5, #16, #4
e1a00008	mov	r0, r8
e1a09001	mov	r9, r1
e1a04002	mov	r4, r2
ebf35462	bl	c03c6530 <__asan_load4>
e357000f	cmp	r7, #15
e7e36655	ubfx	r6, r5, #12, #4
e205a00f	and	sl, r5, #15
0a000001	beq	c06f13bc <emulate_ldr+0x38>
e0840107	add	r0, r4, r7, lsl #2
ebf3545c	bl	c03c6530 <__asan_load4>
e084010a	add	r0, r4, sl, lsl #2
ebf3545a	bl	c03c6530 <__asan_load4>
e2890010	add	r0, r9, #16
ebf35458	bl	c03c6530 <__asan_load4>
e5990010	ldr	r0, [r9, #16]
e12fff30	blx	r0
e356000f	cm	r6, #15
1a000014	bne	c06f1430 <emulate_ldr+0xac>
e1a06000	mov	r6, r0
e2840040	add	r0, r4, #64     ; 0x40
......

when running in emulate_ldr to simulate the ldr instruction, panic
occurred, and the log is as follows:
Unable to handle kernel NULL pointer dereference at virtual address
00000090
pgd = ecb46400
[00000090] *pgd=2e0fa003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP ARM
PC is at cap_capable+0x14/0xb0
LR is at emulate_ldr+0x50/0xc0
psr: 600d0293 sp : ecd63af8  ip : 00000004  fp : c0a7c30c
r10: 00000000  r9 : c30897f4  r8 : ecd63cd4
r7 : 0000000f  r6 : 0000000a  r5 : e59fa090  r4 : ecd63c98
r3 : c06ae294  r2 : 00000000  r1 : b7611300  r0 : bf4ec008
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 32c5387d  Table: 2d546400  DAC: 55555555
Process bash (pid: 1643, stack limit = 0xecd60190)
(cap_capable) from (kprobe_handler+0x218/0x340)
(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)
(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)
(do_undefinstr) from (__und_svc_finish+0x0/0x30)
(__und_svc_finish) from (cap_capable+0x18/0xb0)
(cap_capable) from (cap_vm_enough_memory+0x38/0x48)
(cap_vm_enough_memory) from
(security_vm_enough_memory_mm+0x48/0x6c)
(security_vm_enough_memory_mm) from
(copy_process.constprop.5+0x16b4/0x25c8)
(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)
(_do_fork) from (SyS_clone+0x1c/0x24)
(SyS_clone) from (__sys_trace_return+0x0/0x10)
Code: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47618
https://www.cve.org/CVERecord?id=CVE-2021-47618
https://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d
https://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e
https://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47618.mbox
Comment 3 Ivan Ivanov 2024-06-21 04:37:38 UTC 
KASAN is not enabled on our kernels.
Comment 4 Andrea Mattiazzo 2024-06-24 09:08:50 UTC 
Closing as INVALID since we are not affected, arm 32bit is not a supported arch.
Comment 5 Miroslav Beneš 2024-06-24 11:23:45 UTC 
Invalid because of comment 3, but please take into account that we build and provide armv7hl images for Leap which shares kernel sources with SLES so such CVEs should not be automatically closed.
Comment 14 Maintenance Automation 2024-07-09 16:31:02 UTC 
SUSE-SU-2024:2372-1: An update that solves 249 vulnerabilities, contains three features and has 45 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1225945, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34676](https://smelt.suse.de/incident/34676/)
Sources used:
Public Cloud Module 15-SP5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1
openSUSE Leap 15.5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2024-07-09 16:32:17 UTC 
SUSE-SU-2024:2362-1: An update that solves 72 vulnerabilities and has 10 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1223384, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226758, 1226762, 1226786, 1226962
CVE References: CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560
Maintenance Incident: [SUSE:Maintenance:34562](https://smelt.suse.de/incident/34562/)
Sources used:
openSUSE Leap 15.3 (src):
 kernel-obs-build-5.3.18-150300.59.167.1, kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-source-5.3.18-150300.59.167.1, kernel-obs-qa-5.3.18-150300.59.167.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_46-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Enterprise Storage 7.1 (src):
 kernel-source-5.3.18-150300.59.167.1, kernel-obs-build-5.3.18-150300.59.167.1, kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1, kernel-syms-5.3.18-150300.59.167.1
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.167.1.150300.18.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Maintenance Automation 2024-07-10 16:30:40 UTC 
SUSE-SU-2024:2384-1: An update that solves 68 vulnerabilities and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1171988, 1176447, 1176774, 1181147, 1191958, 1195065, 1195254, 1195798, 1202623, 1218148, 1219224, 1219633, 1222015, 1223011, 1224671, 1224703, 1224749, 1224764, 1224765, 1224766, 1224865, 1225010, 1225047, 1225109, 1225161, 1225184, 1225203, 1225487, 1225518, 1225611, 1225732, 1225749, 1225840, 1225866, 1226226, 1226537, 1226552, 1226554, 1226557, 1226558, 1226562, 1226563, 1226575, 1226583, 1226585, 1226587, 1226595, 1226614, 1226619, 1226621, 1226624, 1226643, 1226644, 1226645, 1226647, 1226650, 1226669, 1226670, 1226672, 1226674, 1226679, 1226686, 1226691, 1226692, 1226698, 1226703, 1226708, 1226709, 1226711, 1226712, 1226713, 1226715, 1226716, 1226720, 1226721, 1226732, 1226762, 1226785, 1226786, 1226962
CVE References: CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47576, CVE-2021-47583, CVE-2021-47589, CVE-2021-47595, CVE-2021-47596, CVE-2021-47600, CVE-2021-47602, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-2938, CVE-2022-48711, CVE-2022-48715, CVE-2022-48717, CVE-2022-48722, CVE-2022-48724, CVE-2022-48726, CVE-2022-48728, CVE-2022-48730, CVE-2022-48732, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48767, CVE-2022-48768, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26822, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560
Maintenance Incident: [SUSE:Maintenance:34695](https://smelt.suse.de/incident/34695/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.175.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.175.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.175.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Maintenance Automation 2024-07-10 20:30:35 UTC 
SUSE-SU-2024:2394-1: An update that solves 249 vulnerabilities, contains three features and has 44 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34699](https://smelt.suse.de/incident/34699/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src):
 kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.