Bug 1184170 – VUL-0: CVE-2021-3444: kernel-source: [] Linux kernel bpf verifier incorrect mod32 truncation

Bug 1184170 - (CVE-2021-3444) VUL-0: CVE-2021-3444: kernel-source: [] Linux kernel bpf verifier incorrect mod32 truncation

(CVE-2021-3444)
Summary:	VUL-0: CVE-2021-3444: kernel-source: [] Linux kernel bpf verifier incorrect m...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Gary Ching-Pang Lin
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/280324/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-3444:7.0:(AV:L...
Keywords:

Depends on:
Blocks:	1184171
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-03-30 14:54 UTC by Alexander Bergmann
Modified:	2023-01-18 16:45 UTC (History)
CC List:	10 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2021-03-30 14:54:08 UTC

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination
register truncation when the source register was known to be 0. A local attacker
with the ability to load bpf programs could use this gain out-of-bounds reads in
kernel memory leading to information disclosure (kernel memory), and possibly
out-of-bounds writes that could potentially lead to code execution. This issue
was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix
truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels
5.11.2, 5.10.19, and 5.4.101.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3444
http://seclists.org/oss-sec/2021/q1/259
http://www.openwall.com/lists/oss-security/2021/03/23/2
https://www.openwall.com/lists/oss-security/2021/03/23/2
https://access.redhat.com/security/cve/CVE-2021-3444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3444
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809

Comment 1 Gary Ching-Pang Lin 2021-03-31 09:31:50 UTC

Just did a quick check.
SLE15-SP3 already had the fix and we just need to update the tag.
On the other hand, SLE15-SP2 and cve/linux-4.12 contain the "fixes" commit. Will backport the fix.

Comment 2 Gary Ching-Pang Lin 2021-04-01 06:49:02 UTC

For the record, the additional commits are backported to make the fix appliable:

SLE15-SP2
e88b2c6e5a4d bpf: Fix 32 bit src register truncation on div/mod

cve/linux-4.12
f6b1b3bf0d5f bpf: fix subprog verifier bypass by div/mod by 0 exception
e88b2c6e5a4d bpf: Fix 32 bit src register truncation on div/mod

Comment 5 OBSbugzilla Bot 2021-04-07 04:52:16 UTC

This is an autogenerated message for OBS integration:
This bug (1184170) was mentioned in
https://build.opensuse.org/request/show/883472 15.2 / kernel-source

Comment 9 Gary Ching-Pang Lin 2021-04-09 02:34:40 UTC

Nicolai found that my backport of e88b2c6e5a4d for cve/linux-4.12 was incorrect. Will update the patches.

Comment 11 Swamp Workflow Management 2021-04-10 10:24:17 UTC

openSUSE-SU-2021:0532-1: An update that solves 21 vulnerabilities and has 74 fixes is now available.

Category: security (important)
Bug References: 1152472,1152489,1153274,1154353,1155518,1156256,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178330,1179454,1180197,1180980,1181383,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184167,1184168,1184170,1184176,1184192,1184193,1184196,1184198,1184217,1184218,1184219,1184220,1184224
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.69.1, kernel-default-5.3.18-lp152.69.1, kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1, kernel-docs-5.3.18-lp152.69.1, kernel-kvmsmall-5.3.18-lp152.69.1, kernel-obs-build-5.3.18-lp152.69.1, kernel-obs-qa-5.3.18-lp152.69.1, kernel-preempt-5.3.18-lp152.69.1, kernel-source-5.3.18-lp152.69.1, kernel-syms-5.3.18-lp152.69.1

Comment 12 Gary Ching-Pang Lin 2021-04-12 09:20:59 UTC

Update the fixes for cve/linux-4.12.

Comment 15 Swamp Workflow Management 2021-04-13 19:25:11 UTC

SUSE-SU-2021:1177-1: An update that solves 21 vulnerabilities and has 74 fixes is now available.

Category: security (important)
Bug References: 1152472,1152489,1153274,1154353,1155518,1156256,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178330,1179454,1180197,1180980,1181383,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184167,1184168,1184170,1184176,1184192,1184193,1184196,1184198,1184217,1184218,1184219,1184220,1184224
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.41.1, kernel-source-azure-5.3.18-18.41.1, kernel-syms-azure-5.3.18-18.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2021-04-13 19:33:15 UTC

SUSE-SU-2021:1175-1: An update that solves 24 vulnerabilities and has 51 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1178163,1179243,1179428,1179454,1179660,1179755,1180846,1181507,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183416,1183509,1183593,1183646,1183662,1183686,1183692,1183696,1183775,1183861,1183871,1184114,1184167,1184168,1184170,1184192,1184193,1184196,1184198
CVE References: CVE-2020-0433,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.50.1, kernel-source-azure-4.12.14-16.50.1, kernel-syms-azure-4.12.14-16.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2021-04-13 19:41:59 UTC

SUSE-SU-2021:1176-1: An update that solves 25 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1177411,1178163,1179243,1179428,1179454,1179660,1179755,1180846,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183416,1183509,1183593,1183646,1183686,1183692,1183696,1183775,1183861,1183871,1184114,1184167,1184168,1184170,1184192,1184193,1184196,1184198
CVE References: CVE-2020-0433,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-3428,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.37.1, kernel-rt_debug-4.12.14-10.37.1, kernel-source-rt-4.12.14-10.37.1, kernel-syms-rt-4.12.14-10.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2021-04-15 16:39:18 UTC

SUSE-SU-2021:1210-1: An update that solves 33 vulnerabilities and has 53 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1103990,1103991,1103992,1104270,1104353,1109837,1111981,1112374,1113295,1113994,1118657,1118661,1119113,1126390,1129770,1132477,1142635,1152446,1154048,1169709,1172455,1173485,1175165,1176720,1176855,1178163,1178181,1179243,1179428,1179454,1179660,1179755,1180846,1181507,1181515,1181544,1181655,1181674,1181747,1181753,1181843,1182011,1182175,1182485,1182574,1182715,1182716,1182717,1183018,1183022,1183023,1183378,1183379,1183380,1183381,1183382,1183405,1183416,1183509,1183593,1183646,1183662,1183686,1183692,1183696,1183755,1183775,1183861,1183871,1184114,1184120,1184167,1184168,1184170,1184192,1184193,1184196,1184198,1184391,1184393,1184397,1184494,1184511,1184583
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-29368,CVE-2020-29374,CVE-2020-35519,CVE-2020-36311,CVE-2021-20219,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.66.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.66.2, kernel-obs-build-4.12.14-122.66.2
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.66.2, kernel-source-4.12.14-122.66.2, kernel-syms-4.12.14-122.66.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.66.2, kgraft-patch-SLE12-SP5_Update_17-1-8.3.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.66.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-04-15 19:40:28 UTC

SUSE-SU-2021:1211-1: An update that solves 32 vulnerabilities and has 85 fixes is now available.

Category: security (important)
Bug References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182712,1182713,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184509,1184511,1184512,1184514,1184583,1184647
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-33.1, kernel-rt_debug-5.3.18-33.1, kernel-source-rt-5.3.18-33.1, kernel-syms-rt-5.3.18-33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-04-16 13:29:08 UTC

SUSE-SU-2021:1238-1: An update that solves 33 vulnerabilities and has 86 fixes is now available.

Category: security (important)
Bug References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.61.1, kernel-default-base-5.3.18-24.61.1.9.26.4
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.61.1, kernel-preempt-5.3.18-24.61.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.61.1, kernel-livepatch-SLE15-SP2_Update_12-1-5.3.4
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.61.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.61.1, kernel-obs-build-5.3.18-24.61.1, kernel-preempt-5.3.18-24.61.1, kernel-source-5.3.18-24.61.1, kernel-syms-5.3.18-24.61.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.61.1, kernel-default-base-5.3.18-24.61.1.9.26.4, kernel-preempt-5.3.18-24.61.1, kernel-source-5.3.18-24.61.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-04-16 16:32:36 UTC

SUSE-SU-2021:1248-1: An update that solves 9 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1065729,1113295,1178181,1181507,1183405,1183755,1184120,1184170,1184391,1184393,1184397,1184494,1184511,1184583
CVE References: CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-36311,CVE-2021-20219,CVE-2021-29154,CVE-2021-30002,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.53.1, kernel-source-azure-4.12.14-16.53.1, kernel-syms-azure-4.12.14-16.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-04-20 10:16:21 UTC

SUSE-SU-2021:1266-1: An update that solves 9 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1065729,1113295,1178181,1181507,1181674,1183405,1183662,1183755,1184114,1184120,1184170,1184391,1184393,1184397,1184494,1184511,1184583
CVE References: CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-36311,CVE-2021-20219,CVE-2021-29154,CVE-2021-30002,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.40.1, kernel-rt_debug-4.12.14-10.40.1, kernel-source-rt-4.12.14-10.40.1, kernel-syms-rt-4.12.14-10.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Felix Niederwanger 2021-05-10 12:42:35 UTC

We're seeing multiple failures on 15-SP1, 12-SP5 test and 12-SP4 runs on various publiccloud images:

* 15-SP1 Azure: https://openqa.suse.de/tests/5980094#step/cve-2021-3444/1
* 15-SP1 Azure-gen2: https://openqa.suse.de/tests/5980101#step/cve-2021-3444/1
* 15-SP1 EC2: https://openqa.suse.de/tests/5980108#step/cve-2021-3444/1
* 15-SP1 GCE: https://openqa.suse.de/tests/5980115#step/cve-2021-3444/1

* 12-SP5 Azure: https://openqa.suse.de/tests/5980150#step/cve-2021-3444/1
* 12-SP5 Azure-gen2: https://openqa.suse.de/tests/5980157#step/cve-2021-3444/1

* 12-SP4 GCE: https://openqa.suse.de/tests/5980206#step/cve-2021-3444/1

Not all test runs are completed yet, but it appears that all 15-SP1, 12-SP5 and 12-SP4 images are affected.

Comment 40 Swamp Workflow Management 2021-05-12 13:34:43 UTC

SUSE-SU-2021:1572-1: An update that solves 6 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.56.1, kernel-source-azure-4.12.14-16.56.1, kernel-syms-azure-4.12.14-16.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 41 Swamp Workflow Management 2021-05-12 13:40:32 UTC

SUSE-SU-2021:1573-1: An update that solves 35 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1047233,1173485,1176720,1177411,1178181,1179454,1181032,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244,1185248
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1, kernel-zfcpdump-4.12.14-150.72.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.72.1, kernel-livepatch-SLE15_Update_24-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.72.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Martin Doucha 2021-05-13 14:07:53 UTC

SLE-12SP3 appears to be affected as well, please don't forget to apply the fixes there.
https://openqa.suse.de/tests/6011280#step/cve-2021-3444/8

Comment 43 Swamp Workflow Management 2021-05-13 16:20:09 UTC

SUSE-SU-2021:1595-1: An update that solves 7 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1183947,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.71.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.71.1, kernel-obs-build-4.12.14-122.71.2
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.71.1, kernel-source-4.12.14-122.71.1, kernel-syms-4.12.14-122.71.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.71.1, kgraft-patch-SLE12-SP5_Update_18-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-05-13 16:27:15 UTC

SUSE-SU-2021:1596-1: An update that solves 35 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1040855,1044767,1047233,1065729,1094840,1152457,1171078,1173485,1175873,1176700,1176720,1176855,1177411,1177753,1178181,1179454,1181032,1181960,1182194,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183738,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244,1185248
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.74.1, kgraft-patch-SLE12-SP4_Update_20-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Gary Ching-Pang Lin 2021-05-14 01:46:33 UTC

(In reply to Martin Doucha from comment #42)
> SLE-12SP3 appears to be affected as well, please don't forget to apply the
> fixes there.
> https://openqa.suse.de/tests/6011280#step/cve-2021-3444/8

Thanks for the notification. Will check the status of SLE12-SP3.

Comment 46 Gary Ching-Pang Lin 2021-05-14 07:53:44 UTC

(In reply to Martin Doucha from comment #42)
> SLE-12SP3 appears to be affected as well, please don't forget to apply the
> fixes there.
> https://openqa.suse.de/tests/6011280#step/cve-2021-3444/8

Linux 4.4 didn't do the extra "fixup" after verification as the later kernel. It'd take a few more patches to fix 4.4 properly.

Comment 47 Swamp Workflow Management 2021-05-14 13:20:19 UTC

SUSE-SU-2021:1605-1: An update that solves 6 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.43.1, kernel-rt_debug-4.12.14-10.43.1, kernel-source-rt-4.12.14-10.43.1, kernel-syms-rt-4.12.14-10.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2021-05-18 16:18:19 UTC

SUSE-SU-2021:1624-1: An update that solves 35 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1047233,1172455,1173485,1176720,1177411,1178181,1179454,1180197,1181960,1182011,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2, kernel-zfcpdump-4.12.14-197.89.2
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2, kernel-zfcpdump-4.12.14-197.89.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.89.2, kernel-livepatch-SLE15-SP1_Update_24-1-3.3.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.89.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2021-05-18 16:29:11 UTC

SUSE-SU-2021:1625-1: An update that solves 32 vulnerabilities and has 85 fixes is now available.

Category: security (important)
Bug References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182712,1182713,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184509,1184511,1184512,1184514,1184583,1184647
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 50 Swamp Workflow Management 2021-05-22 10:30:25 UTC

openSUSE-SU-2021:0758-1: An update that solves 32 vulnerabilities and has 85 fixes is now available.

Category: security (important)
Bug References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182712,1182713,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184509,1184511,1184512,1184514,1184583,1184647
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.8.1, kernel-rt_debug-5.3.18-lp152.3.8.1, kernel-source-rt-5.3.18-lp152.3.8.1, kernel-syms-rt-5.3.18-lp152.3.8.1

Comment 54 Marcus Meissner 2021-06-04 08:52:46 UTC

gary, openqa sees this also a problem on SLES 12 SP3 LTSS actually.

(bpf_prog05 test  in ltp)

Comment 55 Gary Ching-Pang Lin 2021-06-04 09:41:07 UTC

(In reply to Marcus Meissner from comment #54)
> gary, openqa sees this also a problem on SLES 12 SP3 LTSS actually.
> 
> (bpf_prog05 test  in ltp)

The SLE12-SP3 kernel lacks a series of fixup_bpf_calls() patches to apply the fix properly and I'm still evaluating them and see how to minimize the patches to backport. On the other hand, the pointer arithmetic is forbidden for unprivileged users in kernel 4.4, so the damage is limited.

Comment 58 Swamp Workflow Management 2021-06-15 16:38:47 UTC

SUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 59 Swamp Workflow Management 2021-06-15 17:20:30 UTC

SUSE-SU-2021:1977-1: An update that solves 52 vulnerabilities and has 187 fixes is now available.

Category: security (important)
Bug References: 1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156395,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177666,1178089,1178134,1178163,1178330,1178378,1178418,1179243,1179519,1179825,1179827,1179851,1180197,1180814,1180846,1181104,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182552,1182574,1182613,1182712,1182715,1182717,1182999,1183022,1183069,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183750,1183757,1183775,1183815,1183868,1183871,1183873,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184514,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184769,1184811,1184855,1184934,1184942,1184943,1184955,1184969,1184984,1185010,1185113,1185233,1185269,1185428,1185491,1185495,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185606,1185640,1185641,1185642,1185645,1185670,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185898,1185899,1185911,1185938,1185950,1185980,1185988,1186009,1186061,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186401,1186408,1186439,1186441,1186479,1186484,1186498,1186501,1186512,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.5.2, kernel-preempt-5.3.18-59.5.2
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.5.2, kernel-livepatch-SLE15-SP3_Update_1-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.5.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.5.2, kernel-obs-build-5.3.18-59.5.1, kernel-preempt-5.3.18-59.5.2, kernel-source-5.3.18-59.5.2, kernel-syms-5.3.18-59.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.5.2, kernel-default-5.3.18-59.5.2, kernel-default-base-5.3.18-59.5.2.18.2.2, kernel-preempt-5.3.18-59.5.2, kernel-source-5.3.18-59.5.2, kernel-zfcpdump-5.3.18-59.5.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 60 openQA Review 2021-07-06 14:23:38 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6351023

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed

Comment 61 Swamp Workflow Management 2021-07-11 16:42:07 UTC

openSUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1

Comment 62 Swamp Workflow Management 2021-07-11 17:26:02 UTC

openSUSE-SU-2021:1977-1: An update that solves 52 vulnerabilities and has 187 fixes is now available.

Category: security (important)
Bug References: 1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156395,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177666,1178089,1178134,1178163,1178330,1178378,1178418,1179243,1179519,1179825,1179827,1179851,1180197,1180814,1180846,1181104,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182552,1182574,1182613,1182712,1182715,1182717,1182999,1183022,1183069,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183750,1183757,1183775,1183815,1183868,1183871,1183873,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184514,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184769,1184811,1184855,1184934,1184942,1184943,1184955,1184969,1184984,1185010,1185113,1185233,1185269,1185428,1185491,1185495,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185606,1185640,1185641,1185642,1185645,1185670,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185898,1185899,1185911,1185938,1185950,1185980,1185988,1186009,1186061,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186401,1186408,1186439,1186441,1186479,1186484,1186498,1186501,1186512,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-64kb-5.3.18-59.5.2, kernel-debug-5.3.18-59.5.2, kernel-default-5.3.18-59.5.2, kernel-default-base-5.3.18-59.5.2.18.2.2, kernel-docs-5.3.18-59.5.2, kernel-kvmsmall-5.3.18-59.5.2, kernel-obs-build-5.3.18-59.5.1, kernel-obs-qa-5.3.18-59.5.1, kernel-preempt-5.3.18-59.5.2, kernel-source-5.3.18-59.5.2, kernel-syms-5.3.18-59.5.1, kernel-zfcpdump-5.3.18-59.5.2

Comment 63 openQA Review 2021-07-26 16:33:39 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed

Comment 64 openQA Review 2021-08-12 09:55:06 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed

Comment 67 openQA Review 2021-08-27 01:24:16 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed

Comment 68 openQA Review 2021-09-10 01:58:49 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed

Comment 69 openQA Review 2021-09-24 02:21:29 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The bugref in the openQA scenario is removed or replaced, e.g. `label:wontfix:boo1234`

Comment 72 Borislav Petkov 2021-09-24 16:58:09 UTC

Can we disable false positive notifications too pls?

Comment 73 openQA Review 2021-10-09 00:53:42 UTC

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve
https://openqa.suse.de/tests/6470709

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The bugref in the openQA scenario is removed or replaced, e.g. `label:wontfix:boo1234`