Bug 1226883 (CVE-2024-38659)

Summary: VUL-0: CVE-2024-38659: kernel: enic: validate length of nl attributes in enic_set_vf_port
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: camila.matos, mhocko
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/411775/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-38659:6.3:(AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-06-24 11:18:59 UTC 
In the Linux kernel, the following vulnerability has been resolved:

enic: Validate length of nl attributes in enic_set_vf_port

enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE
is of length PORT_PROFILE_MAX and that the nl attributes
IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.
These attributes are validated (in the function do_setlink in rtnetlink.c)
using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE
as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and
IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation
using the policy is for the max size of the attributes and not on exact
size so the length of these attributes might be less than the sizes that
enic_set_vf_port expects. This might cause an out of bands
read access in the memcpys of the data of these
attributes in enic_set_vf_port.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38659
https://www.cve.org/CVERecord?id=CVE-2024-38659
https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-38659.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2293655
Comment 13 Thomas Bogendoerfer 2024-07-09 10:39:15 UTC 
Backported fix to SLE12-SP3-TD, SLE12-SP5, SLE15-SP5 and SLE15-SP6
Comment 14 Maintenance Automation 2024-07-09 16:31:17 UTC 
SUSE-SU-2024:2372-1: An update that solves 249 vulnerabilities, contains three features and has 45 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1225945, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34676](https://smelt.suse.de/incident/34676/)
Sources used:
Public Cloud Module 15-SP5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1
openSUSE Leap 15.5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2024-07-09 16:32:59 UTC 
SUSE-SU-2024:2360-1: An update that solves 148 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1216062, 1217912, 1218148, 1219224, 1221010, 1221647, 1221654, 1221791, 1221958, 1222015, 1222080, 1222364, 1222385, 1222435, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224703, 1224735, 1224739, 1224763, 1224764, 1224765, 1224946, 1224951, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225232, 1225261, 1225306, 1225337, 1225372, 1225463, 1225484, 1225487, 1225490, 1225514, 1225518, 1225548, 1225555, 1225556, 1225559, 1225571, 1225573, 1225577, 1225583, 1225585, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226767, 1226769, 1226857, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226996, 1227101
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47191, CVE-2021-47193, CVE-2021-47267, CVE-2021-47270, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47445, CVE-2021-47518, CVE-2021-47544, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52675, CVE-2023-52737, CVE-2023-52752, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35807, CVE-2024-35822, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36592, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36949, CVE-2024-36950, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780
Maintenance Incident: [SUSE:Maintenance:34677](https://smelt.suse.de/incident/34677/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Maintenance Automation 2024-07-10 08:30:28 UTC 
SUSE-SU-2024:2381-1: An update that solves 143 vulnerabilities and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1191958, 1195065, 1195254, 1195775, 1204514, 1216062, 1217912, 1218148, 1219224, 1221010, 1221647, 1221654, 1221791, 1221958, 1222015, 1222080, 1222364, 1222385, 1222435, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224703, 1224735, 1224739, 1224763, 1224764, 1224765, 1224946, 1224951, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225232, 1225261, 1225306, 1225337, 1225372, 1225463, 1225484, 1225487, 1225490, 1225514, 1225518, 1225548, 1225555, 1225556, 1225559, 1225571, 1225573, 1225577, 1225583, 1225585, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226767, 1226769, 1226857, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226996, 1227101
CVE References: CVE-2021-4439, CVE-2021-47103, CVE-2021-47191, CVE-2021-47193, CVE-2021-47267, CVE-2021-47270, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47445, CVE-2021-47518, CVE-2021-47544, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52675, CVE-2023-52737, CVE-2023-52752, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26894, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35807, CVE-2024-35822, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36592, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36949, CVE-2024-36950, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780
Maintenance Incident: [SUSE:Maintenance:34690](https://smelt.suse.de/incident/34690/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.191.1, kernel-syms-rt-4.12.14-10.191.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2024-07-10 20:30:48 UTC 
SUSE-SU-2024:2394-1: An update that solves 249 vulnerabilities, contains three features and has 44 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34699](https://smelt.suse.de/incident/34699/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src):
 kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Maintenance Automation 2024-07-18 16:36:46 UTC 
SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.