Bug 1178372 (CVE-2020-28374) - VUL-0: CVE-2020-28374: kernel-source: LIO security issue
Summary: VUL-0: CVE-2020-28374: kernel-source: LIO security issue
Status: RESOLVED FIXED
Alias: CVE-2020-28374
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/270735/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-28374:8.1:(AV:...
Keywords:
Depends on:
Blocks: 1178684 CVE-2021-3139
  Show dependency treegraph
 
Reported: 2020-11-03 01:58 UTC by David Disseldorp
Modified: 2025-02-27 04:27 UTC (History)
15 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
0001-EMBARGOED-WIP-target-fix-XCOPY-NAA-identifier-lookup.patch (4.36 KB, patch)
2020-11-09 09:34 UTC, David Disseldorp
Details | Diff
research.txt - vuln analysis, mostly matching initial report (6.67 KB, text/plain)
2020-11-09 10:04 UTC, David Disseldorp
Details
tcmu-runner: 0001-EMBARGOED-tcmur-fail-cross-device-XCOPY-requests.patch (1.58 KB, patch)
2020-11-16 20:16 UTC, David Disseldorp
Details | Diff
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch (5.35 KB, patch)
2020-12-01 10:00 UTC, David Disseldorp
Details | Diff
EMBARGOED_tcmur_follow_up_xcopy_fixes.patchset (3.92 KB, text/plain)
2020-12-03 12:30 UTC, David Disseldorp
Details
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch (5.57 KB, patch)
2021-01-04 12:11 UTC, David Disseldorp
Details | Diff
0002-EMBARGOED-SQUASH-target-rework-device-pinning-to-use.patch (5.18 KB, patch)
2021-01-04 12:13 UTC, David Disseldorp
Details | Diff
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch (6.67 KB, patch)
2021-01-05 12:31 UTC, David Disseldorp
Details | Diff
EMBARGOED_backport_suse_linux_4.4_target-fix-XCOPY-NAA-identifier-lookup.patch (6.52 KB, patch)
2021-01-05 17:11 UTC, David Disseldorp
Details | Diff
research.txt - vuln analysis, mostly matching initial report (7.80 KB, text/plain)
2021-01-08 12:20 UTC, David Disseldorp
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 11 David Disseldorp 2020-11-09 09:34:58 UTC
Created attachment 843402 [details]
0001-EMBARGOED-WIP-target-fix-XCOPY-NAA-identifier-lookup.patch

Minor clean-ups since previous patch. This version was sent to Mike Christie for review.
Comment 12 David Disseldorp 2020-11-09 10:04:26 UTC
Created attachment 843410 [details]
research.txt - vuln analysis, mostly matching initial report
Comment 17 Marcus Meissner 2020-11-10 14:37:11 UTC
Mitre assigned CVE-2020-28374
Comment 19 David Disseldorp 2020-11-11 11:27:46 UTC
@Hannes: does somebody on your team have time to review the proposed fix:
https://bugzilla.suse.com/attachment.cgi?id=843402

It works fine, but I'm a little worried about races WRT pinning the configfs node.
Comment 20 Hannes Reinecke 2020-11-13 07:43:38 UTC
Lee, can you check?
Comment 24 Lee Duncan 2020-11-13 20:46:52 UTC
(In reply to Hannes Reinecke from comment #20)
> Lee, can you check?

The changes all look good to me. Good catch David.
Comment 25 David Disseldorp 2020-11-16 20:16:15 UTC
Created attachment 843655 [details]
tcmu-runner: 0001-EMBARGOED-tcmur-fail-cross-device-XCOPY-requests.patch

> I'm working on a tcmu-runner fix which fails any XCOPY request with CSCDs that don't match the backstore receiving the XCOPY request. I.e. cross-device copy offload can't be performed. IMO this keeps the fix simple and should still cater to the most common XCOPY use-case.

See attached. @Lee: please take a look at this one too if you have time. It's based atop current tcmu-runner master (9d7d245f27fe2e31a6223636e58d195d13e5cb06). I came across a few more bugs in the tcmu-runner XCOPY implementation, but they should probably be tracked separately.
Comment 26 David Disseldorp 2020-11-16 22:28:52 UTC
Created attachment 843658 [details]
research.txt - vuln analysis, mostly matching initial report

research.txt updated to include tcmu-runner vulnerability and fix details
Comment 27 Lee Duncan 2020-11-17 01:27:52 UTC
(In reply to David Disseldorp from comment #25)
> ...
> See attached. @Lee: please take a look at this one too if you have time.
> ...

Also looks good David.

Feel free to add my reviewed-by line when submitted upstream.
Comment 28 David Disseldorp 2020-11-20 11:09:07 UTC
I'm going to forward Marcus' proposed unembargo date of the December 8 (SUSE patch day) to RH and Oracle today.
Comment 29 David Disseldorp 2020-11-24 00:08:41 UTC
Mike Christie rightly pointed out that the target_depend_item() se_device pinning isn't safe to do in the rcu_read_lock() critical section. I'm in the process of reworking how the pinning is done and will post an update when done with testing.
Comment 30 David Disseldorp 2020-12-01 10:00:05 UTC
Created attachment 844011 [details]
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch

(In reply to David Disseldorp from comment #29)
> Mike Christie rightly pointed out that the target_depend_item() se_device
> pinning isn't safe to do in the rcu_read_lock() critical section. I'm in the
> process of reworking how the pinning is done and will post an update when
> done with testing.

Updated.

Oracle have expressed an interest in moving the unembargo date to December 17.
Comment 31 Marcus Meissner 2020-12-01 13:50:22 UTC
Discussion with Oracle via keybase, also considering not doing kernel updates over christmas ... pushed to:

CRD: 2021-01-12 10:00 PST  (Pacific standard time)
Comment 32 David Disseldorp 2020-12-01 14:27:44 UTC
(In reply to Marcus Meissner from comment #31)
> Discussion with Oracle via keybase, also considering not doing kernel
> updates over christmas ... pushed to:
> 
> CRD: 2021-01-12 10:00 PST  (Pacific standard time)

Okay, thanks. I'll relay this to Red Hat.
Comment 33 David Disseldorp 2020-12-02 00:53:45 UTC
(In reply to David Disseldorp from comment #30)
> Created attachment 844011 [details]
> 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
> 
> (In reply to David Disseldorp from comment #29)
> > Mike Christie rightly pointed out that the target_depend_item() se_device
> > pinning isn't safe to do in the rcu_read_lock() critical section. I'm in the
> > process of reworking how the pinning is done and will post an update when
> > done with testing.
> 
> Updated.

Mike has signed-off on this version:

> Hey David, the patch looks ok to me. It also tested ok for me.
> You can add my
>
> Signed-off-by: Mike Christie <michael.christie@oracle.com>

@Lee: would you mind taking a look at this version too?
Comment 34 David Disseldorp 2020-12-03 12:30:20 UTC
Created attachment 844093 [details]
EMBARGOED_tcmur_follow_up_xcopy_fixes.patchset

Forgot to add these patches earlier, they're follow-up XCOPY fixes for tcmu-runner, which are separate to the actual CVE fix. @Lee: a review on these would be helpful here too, if possible
Comment 35 Lee Duncan 2020-12-16 19:59:18 UTC
(In reply to David Disseldorp from comment #33)
> (In reply to David Disseldorp from comment #30)
> > Created attachment 844011 [details]
> > 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
> > 
> > (In reply to David Disseldorp from comment #29)
> > > Mike Christie rightly pointed out that the target_depend_item() se_device
> > > pinning isn't safe to do in the rcu_read_lock() critical section. I'm in the
> > > process of reworking how the pinning is done and will post an update when
> > > done with testing.
> > 
> > Updated.
> 
> Mike has signed-off on this version:
> 
> > Hey David, the patch looks ok to me. It also tested ok for me.
> > You can add my
> >
> > Signed-off-by: Mike Christie <michael.christie@oracle.com>
> 
> @Lee: would you mind taking a look at this version too?

David: My apologies for not replying sooner. I looked at the code weeks ago but forgot to comment.

The only issue I saw was a nit/style point: I'm not sure I see the value of using the goto target "err_out" in target_xcopy_locate_se_dev_e4() when only one path uses it. But it doesn't hurt anything of course.
Comment 36 David Disseldorp 2020-12-17 00:05:56 UTC
(In reply to Lee Duncan from comment #35)
...
> > > Signed-off-by: Mike Christie <michael.christie@oracle.com>
> > 
> > @Lee: would you mind taking a look at this version too?
> 
> David: My apologies for not replying sooner. I looked at the code weeks ago
> but forgot to comment.

No problem Lee. Thanks for the feedback.

> The only issue I saw was a nit/style point: I'm not sure I see the value of
> using the goto target "err_out" in target_xcopy_locate_se_dev_e4() when only
> one path uses it. But it doesn't hurt anything of course.

Good catch. I'm in the process of respinning this patch and will try to clean this up at the same time.

The respin was suggested by Oracle to close the race where an XCOPY request could proceed while a lun was detached from the backstore following the ref_get(lun_ref) -> target_depend_item() -> ref_put(lun_ref) dance.
Comment 37 David Disseldorp 2020-12-17 00:15:54 UTC
(In reply to David Disseldorp from comment #36)
...
> > The only issue I saw was a nit/style point: I'm not sure I see the value of
> > using the goto target "err_out" in target_xcopy_locate_se_dev_e4() when only
> > one path uses it. But it doesn't hurt anything of course.
> 
> Good catch. I'm in the process of respinning this patch and will try to
> clean this up at the same time.

Actually, there are two paths to it - sess and found_dev can both be NULL on error. I'll leave this as is for now.
Comment 40 David Disseldorp 2021-01-04 12:11:36 UTC
Created attachment 844803 [details]
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
Comment 41 David Disseldorp 2021-01-04 12:13:14 UTC
Created attachment 844804 [details]
0002-EMBARGOED-SQUASH-target-rework-device-pinning-to-use.patch

lun_ref rework following feedback from Oracle, to be squashed with 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch .
Comment 42 David Disseldorp 2021-01-05 09:20:17 UTC
(In reply to David Disseldorp from comment #41)
> Created attachment 844804 [details]
> 0002-EMBARGOED-SQUASH-target-rework-device-pinning-to-use.patch
> 
> lun_ref rework following feedback from Oracle, to be squashed with
> 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch .

Positive feedback from Mike came in overnight. I'm preparing it for submission today.
Comment 43 David Disseldorp 2021-01-05 12:31:04 UTC
Created attachment 844846 [details]
0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch

Squashed patch. @Lee: let me know if I can add your review/signed-off-by tag to this.

This patch results in a change to struct xcopy_op in drivers/target/target_core_xcopy.h , which might trigger some kabi warnings here. The structure isn't used outside of target_core_xcopy.c .
Comment 44 Michal Kubeček 2021-01-05 13:42:07 UTC
(In reply to David Disseldorp from comment #43)
> Created attachment 844846 [details]
> 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
> 
> Squashed patch. @Lee: let me know if I can add your review/signed-off-by tag
> to this.

Are you going to prepare pull requests or should we add the patch to relevant
branches ourselves?

> This patch results in a change to struct xcopy_op in
> drivers/target/target_core_xcopy.h , which might trigger some kabi warnings
> here. The structure isn't used outside of target_core_xcopy.c .

struct xcopy_op doesn't seem tracked in kabi/*/* reference files so that
there should be no kabi error.
Comment 45 David Disseldorp 2021-01-05 13:52:41 UTC
(In reply to Michal Kubeček from comment #44)
> (In reply to David Disseldorp from comment #43)
> > Created attachment 844846 [details]
> > 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
> > 
> > Squashed patch. @Lee: let me know if I can add your review/signed-off-by tag
> > to this.
> 
> Are you going to prepare pull requests or should we add the patch to relevant
> branches ourselves?

I'll submit via a user branch on kerncvs.suse.de. I've not submitted embargoed changes there before and don't want to make anything public.
http://kerncvs.suse.de/ mentiones "internal cve branches are automatically merged into public branches" so I assume my submissions should be against "X_EMBARGO" branches, e.g. users/ddiss/SLE15-SP2_EMBARGO/for-next ?

> > This patch results in a change to struct xcopy_op in
> > drivers/target/target_core_xcopy.h , which might trigger some kabi warnings
> > here. The structure isn't used outside of target_core_xcopy.c .
> 
> struct xcopy_op doesn't seem tracked in kabi/*/* reference files so that
> there should be no kabi error.

Thanks for checking.
Comment 46 David Disseldorp 2021-01-05 13:56:47 UTC
(In reply to David Disseldorp from comment #45)
> I've not submitted
> embargoed changes there before and don't want to make anything public.
> http://kerncvs.suse.de/ mentiones "internal cve branches are automatically
> merged into public branches" so I assume my submissions should be against
> "X_EMBARGO" branches, e.g. users/ddiss/SLE15-SP2_EMBARGO/for-next ?

Also, the patch has an "EMBARGOED " subject/path prefix. Can that remain or should I strip it off?
Comment 47 Takashi Iwai 2021-01-05 13:59:34 UTC
You don't have to base on the *_EMBARGOED branch, and you can use the normal SLE15-SP2 branch.  But push your user branch with a different suffix than for-next, e.g. users/foo/SLE15-SP2/bsc12345 or such, then inform each branch maintainer to pull manually.

The patch prefix should be better to be cleaner without EMBARGOED (although this is no big matter in either way).
Comment 48 Michal Kubeček 2021-01-05 14:02:44 UTC
(In reply to David Disseldorp from comment #45)
> I'll submit via a user branch on kerncvs.suse.de. I've not submitted
> embargoed changes there before and don't want to make anything public.
> http://kerncvs.suse.de/ mentiones "internal cve branches are automatically
> merged into public branches" so I assume my submissions should be against
> "X_EMBARGO" branches, e.g. users/ddiss/SLE15-SP2_EMBARGO/for-next ?

Yes for SLE15-SP2 (where we have no cve/linux-5.3 yet).

For older kernels, IMHO the best approach would be to base your branches
on corresponding cve/linux-* but name them in a way that makes it clear that
they are not meant as pull requests for cve/linux-* (not yet, that is), e.g.
.../SLE*_EMBARGO/for-next or .../cve/linux-*/1178372_EMBARGO
Comment 49 David Disseldorp 2021-01-05 14:23:06 UTC
Thanks for the pointers Takashi and Michal. I've queued up the first (15SP2) at:
  users/ddiss/SLE15-SP2/bsc1178372_EMBARGO

I'm running the cve/linux-* backports through final testing and will push under users/ddiss/cve/linux-*/bsc1178372_EMBARGO when done
Comment 50 Lee Duncan 2021-01-05 16:34:34 UTC
(In reply to David Disseldorp from comment #43)
> Created attachment 844846 [details]
> 0001-EMBARGOED-target-fix-XCOPY-NAA-identifier-lookup.patch
> 
> Squashed patch. @Lee: let me know if I can add your review/signed-off-by tag
> to this.
> 
> This patch results in a change to struct xcopy_op in
> drivers/target/target_core_xcopy.h , which might trigger some kabi warnings
> here. The structure isn't used outside of target_core_xcopy.c .

Boy, this patch has evolved. :) Yes, please add my reviewed-by tag. Looks good.
Comment 51 David Disseldorp 2021-01-05 17:11:23 UTC
Created attachment 844853 [details]
EMBARGOED_backport_suse_linux_4.4_target-fix-XCOPY-NAA-identifier-lookup.patch

(In reply to Lee Duncan from comment #50)
...
> Boy, this patch has evolved. :) Yes, please add my reviewed-by tag. Looks
> good.

Thanks for the feedback. I'd also appreciate if you could take a look at the 4.4 based backport I'm attaching here. The diff looks quite different due to the lack of 6906d008b4b0, but the implementation itself is pretty much the same as mainline.

@Takashi and Michal: The users/ddiss/cve/linux-*/bsc1178372_EMBARGO branches have all been pushed, so all maintenance branches with XCOPY support (v3.12+) should now be covered.
Comment 52 Lee Duncan 2021-01-05 17:42:50 UTC
(In reply to David Disseldorp from comment #51)
> Created attachment 844853 [details]
> EMBARGOED_backport_suse_linux_4.4_target-fix-XCOPY-NAA-identifier-lookup.
> patch
> 
> (In reply to Lee Duncan from comment #50)
> ...
> > Boy, this patch has evolved. :) Yes, please add my reviewed-by tag. Looks
> > good.
> 
> Thanks for the feedback. I'd also appreciate if you could take a look at the
> 4.4 based backport I'm attaching here. The diff looks quite different due to
> the lack of 6906d008b4b0, but the implementation itself is pretty much the
> same as mainline.
> 
> @Takashi and Michal: The users/ddiss/cve/linux-*/bsc1178372_EMBARGO branches
> have all been pushed, so all maintenance branches with XCOPY support
> (v3.12+) should now be covered.

Also looks reasonable though a bit different.
Comment 57 David Disseldorp 2021-01-08 12:20:26 UTC
Created attachment 844938 [details]
research.txt - vuln analysis, mostly matching initial report

Attaching updated research.txt analysis. Marking tcmu-runner patches as obsolete, as the tcmu-runner fix is now tracked via bsc#1180676 .
Comment 59 Marcus Meissner 2021-01-12 18:01:03 UTC
now public
Comment 60 OBSbugzilla Bot 2021-01-13 07:52:39 UTC
This is an autogenerated message for OBS integration:
This bug (1178372) was mentioned in
https://build.opensuse.org/request/show/862807 15.1 / kernel-source
Comment 61 OBSbugzilla Bot 2021-01-13 16:24:12 UTC
This is an autogenerated message for OBS integration:
This bug (1178372) was mentioned in
https://build.opensuse.org/request/show/862934 15.2 / kernel-source
Comment 62 Swamp Workflow Management 2021-01-14 08:21:00 UTC
SUSE-SU-2021:0117-1: An update that solves 15 vulnerabilities and has 98 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-livepatch-SLE15-SP2_Update_9-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.46.1, kernel-obs-build-5.3.18-24.46.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1, kernel-syms-5.3.18-24.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-default-base-5.3.18-24.46.1.9.19.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 63 Swamp Workflow Management 2021-01-14 08:33:43 UTC
SUSE-SU-2021:0118-1: An update that solves 14 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.78.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.78.1, kernel-livepatch-SLE15-SP1_Update_21-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.78.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.78.1, kernel-obs-build-4.12.14-197.78.1, kernel-source-4.12.14-197.78.1, kernel-syms-4.12.14-197.78.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.78.1, kernel-source-4.12.14-197.78.1, kernel-zfcpdump-4.12.14-197.78.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Swamp Workflow Management 2021-01-15 02:20:26 UTC
openSUSE-SU-2021:0060-1: An update that solves 17 vulnerabilities and has 99 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175389,1175480,1175995,1176396,1176846,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179878,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,1180773
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-27835,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.60.1, kernel-default-5.3.18-lp152.60.1, kernel-docs-5.3.18-lp152.60.1, kernel-kvmsmall-5.3.18-lp152.60.1, kernel-obs-build-5.3.18-lp152.60.1, kernel-obs-qa-5.3.18-lp152.60.1, kernel-preempt-5.3.18-lp152.60.1, kernel-source-5.3.18-lp152.60.1, kernel-syms-5.3.18-lp152.60.1
Comment 65 Swamp Workflow Management 2021-01-15 11:22:28 UTC
SUSE-SU-2021:0133-1: An update that solves 14 vulnerabilities and has 85 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1114648,1115431,1118657,1122971,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179444,1179520,1179578,1179601,1179616,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.57.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.57.1, kernel-obs-build-4.12.14-122.57.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.57.1, kernel-source-4.12.14-122.57.1, kernel-syms-4.12.14-122.57.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.57.1, kgraft-patch-SLE12-SP5_Update_14-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 69 Swamp Workflow Management 2021-01-16 14:20:16 UTC
openSUSE-SU-2021:0075-1: An update that solves 17 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1112178,1115431,1129770,1138374,1139944,1144912,1152457,1163727,1164780,1168952,1171078,1172145,1172538,1172694,1174784,1176558,1176559,1176846,1176956,1177666,1178049,1178270,1178372,1178401,1178590,1178634,1178762,1178900,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179444,1179508,1179509,1179520,1179575,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,1180676
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.91.1, kernel-default-4.12.14-lp151.28.91.1, kernel-docs-4.12.14-lp151.28.91.1, kernel-kvmsmall-4.12.14-lp151.28.91.1, kernel-obs-build-4.12.14-lp151.28.91.1, kernel-obs-qa-4.12.14-lp151.28.91.1, kernel-source-4.12.14-lp151.28.91.1, kernel-syms-4.12.14-lp151.28.91.1, kernel-vanilla-4.12.14-lp151.28.91.1
Comment 77 tan 2021-02-03 03:34:56 UTC
Hello All,

Could you please share with me when will the sles12sp2 ltss patch for CVE-2020-28374 be released?

Any update from you would appreciated.

Thanks,
Mengsu
Comment 84 Swamp Workflow Management 2021-02-09 14:19:22 UTC
SUSE-SU-2021:0347-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163727,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180541,1180559,1180562,1180566,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.35.2, kernel-source-azure-5.3.18-18.35.2, kernel-syms-azure-5.3.18-18.35.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 85 Swamp Workflow Management 2021-02-09 14:36:34 UTC
SUSE-SU-2021:0348-1: An update that solves 9 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181553,901327
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.44.1, kernel-source-azure-4.12.14-16.44.1, kernel-syms-azure-4.12.14-16.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 86 Swamp Workflow Management 2021-02-10 20:24:45 UTC
SUSE-SU-2021:0427-1: An update that solves 10 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1178995,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180964,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181544,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-25.1, kernel-rt_debug-5.3.18-25.1, kernel-source-rt-5.3.18-25.1, kernel-syms-rt-5.3.18-25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 87 Swamp Workflow Management 2021-02-11 14:19:16 UTC
SUSE-SU-2021:0434-1: An update that solves 26 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1158775,1163727,1171979,1176395,1176846,1176962,1177304,1177666,1178036,1178182,1178198,1178372,1178589,1178590,1178684,1178886,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kgraft-patch-SLE12-SP4_Update_18-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 88 Swamp Workflow Management 2021-02-11 14:32:12 UTC
SUSE-SU-2021:0433-1: An update that solves 10 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181504,1181553,1181645
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.31.1, kernel-rt_debug-4.12.14-10.31.1, kernel-source-rt-4.12.14-10.31.1, kernel-syms-rt-4.12.14-10.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 89 Swamp Workflow Management 2021-02-11 20:34:12 UTC
SUSE-SU-2021:0438-1: An update that solves 29 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1163840,1168952,1172199,1173074,1173942,1176395,1176846,1177666,1178182,1178272,1178372,1178589,1178590,1178684,1178886,1179071,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20806,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-10781,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1, kernel-zfcpdump-4.12.14-150.66.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.66.1, kernel-livepatch-SLE15_Update_22-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 93 Swamp Workflow Management 2021-03-09 20:33:28 UTC
SUSE-SU-2021:0744-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1178372,1181747,1181753,1181843,1182175
CVE References: CVE-2020-28374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.152.2, kernel-source-4.4.121-92.152.2, kernel-syms-4.4.121-92.152.2, kgraft-patch-SLE12-SP2_Update_40-1-3.3.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.152.2, kernel-source-4.4.121-92.152.2, kernel-syms-4.4.121-92.152.2, kgraft-patch-SLE12-SP2_Update_40-1-3.3.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.152.2, kernel-source-4.4.121-92.152.2, kernel-syms-4.4.121-92.152.2, kgraft-patch-SLE12-SP2_Update_40-1-3.3.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.152.2, kernel-source-4.4.121-92.152.2, kernel-syms-4.4.121-92.152.2
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.152.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 94 Swamp Workflow Management 2021-03-09 20:36:05 UTC
SUSE-SU-2021:0743-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1177440,1178372,1181747,1181753,1181843,1182175
CVE References: CVE-2020-28374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2, kgraft-patch-SLE12-SP3_Update_38-1-4.3.2
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2, kgraft-patch-SLE12-SP3_Update_38-1-4.3.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2, kgraft-patch-SLE12-SP3_Update_38-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2, kgraft-patch-SLE12-SP3_Update_38-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.141.2
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.141.2, kernel-source-4.4.180-94.141.2, kernel-syms-4.4.180-94.141.2, kgraft-patch-SLE12-SP3_Update_38-1-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 95 tan 2021-04-21 04:42:10 UTC
Hello all,

Does sles12sp2 plan to fix this bug?

Thanks,
Mengsu
Comment 96 David Disseldorp 2021-04-21 10:04:03 UTC
(In reply to tan mengsu from comment #95)
> Hello all,
> 
> Does sles12sp2 plan to fix this bug?

Hi Mengsu,

Isn't SLES12-SP2-LTSS covered by comment#93 ? If not then I'd suggest getting in touch with the maintenance team.
Comment 97 tan 2021-04-21 10:30:57 UTC
(In reply to David Disseldorp from comment #96)
> (在评论#95中回复tan mengsu )
> >大家好,
> > 
> > sles12sp2是否计划修复此错误?
> 
> 孟秀喜
> 
> SLES12-SP2-LTSS是否未包含在注释#93中?如果没有,我建议与维护团队联系。

Hi David,

ok,got it,thanks for you help.

Thanks,
Mengsu
Comment 98 David Disseldorp 2021-05-11 11:54:39 UTC
I think this one is done and dusted. Reassigning to the security team for closure.
Comment 102 Marcus Meissner 2021-09-10 09:12:37 UTC
fixed