Bugzilla – Bug 1184675
VUL-0: CVE-2021-23133: kernel-source: sctp_destroy_sock list_del race condition
Last modified: 2022-06-22 00:56:16 UTC
The fix has been submitted to netdev mailing list: https://patchwork.kernel.org/project/netdevbpf/patch/20210413181031.27557-1-orcohen@paloaltonetworks.com/
In net tree now as commit b166a20b0738 ("net/sctp: fix race condition in sctp_destroy_sock") It should appear in mainline with the same commit id soon.
oss-security: Hello, This is an announcement about CVE-2021-23133 which is a race-condition I found in Linux kernel sctp sockets (net/sctp/socket.c). It can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met. The bug was fixed on April 13, 2021: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b =*=*=*=*=*=*=*=*= VULNERABILITY DETAILS - sctp_destroy_sock list_del race condition =*=*=*=*=*=*=*=*= All of the code figures below are from kernel version 5.11 The netns_sctp struct contains sctp related information per network namespace, one if it's fields is the auto_asconf_splist list. As the list can be accessed from multiple threads, every access to the list should be protected by the addr_wq_lock spinlock. (include/net/netns/sctp.h - netns_sctp structure) ... struct list_head addr_waitq; struct timer_list addr_wq_timer; struct list_head auto_asconf_splist; /* Lock that protects both addr_waitq and auto_asconf_splist */ spinlock_t addr_wq_lock; ... The sctp_sock struct contains the auto_asconf_list field which is used in order to add elements to the auto_asconf_splist. (include/net/sctp/struct.h - sctp_sock structure) ... struct list_head auto_asconf_list; ... When creating a sctp socket, the sctp_init_sock method is called, after setting up and initializing the sock structure, the following code is executed in the end of the function: (net/sctp/socket.c - sctp_init_sock function) ... if (net->sctp.default_auto_asconf) { spin_lock(&sock_net(sk)->sctp.addr_wq_lock); list_add_tail(&sp->auto_asconf_list, &net->sctp.auto_asconf_splist); sp->do_auto_asconf = 1; spin_unlock(&sock_net(sk)->sctp.addr_wq_lock); } ... net->sctp.default_auto_asconf can be set to true via writing to the proc variable "/proc/sys/net/sctp/default_auto_asconf", which is per network namespace. If this variable is set, the socket will be added to the per network namespace auto_asconf_list and do_auto_asconf will be set to 1 in the socket. The bug lies in the sctp_destroy_sock function, this function assumes that when it's called, the addr_wq_lock is held, so it allows itself to run the following code without any additional locking mechanism: ... if (sp->do_auto_asconf) { sp->do_auto_asconf = 0; list_del(&sp->auto_asconf_list); } ... However, there are 2 places in kernel code where sk_common_release (which calls sctp_destroy_sock) is called without taking the lock: 1. In sctp_accept, if the sctp_sock_migrate function fails. 2. In inet_create or inet6_create, if there is a bpf program attached to BPF_CGROUP_INET_SOCK_CREATE which denies creation of the sctp socket. =*=*=*=*=*=*=*=*= TRIGGERING THE VULNERABILITY =*=*=*=*=*=*=*=*= I wrote a poc (stcp_race_priv_user.c) which triggers the vulnerability via technique (2), the poc simply attaches BPF_CGROUP_SOCK program to BPF_CGROUP_INET_SOCK_CREATE which denies creation of any socket, and then runs 2 threads that each one of them creates sctp sockets in a loop. The race is then triggered and list_add corruption is detected in sctp_init_sock. When running with CONFIG_DEBUG_LIST the kernel is crashing immediately: The call stack is as follows: ... [ 69.693724] list_add corruption. prev->next should be next (ffffffff829fa980), but was dead000000000100. (prev=ffff8881079b8538). [ 69.694693] WARNING: CPU: 12 PID: 409 at lib/list_debug.c:28 __list_add_valid+0x4d/0x70 [ 69.695345] Modules linked in: [ 69.695601] CPU: 12 PID: 409 Comm: test_sctp_race Not tainted 5.11.0 #74 [ 69.696167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 69.696949] RIP: 0010:__list_add_valid+0x4d/0x70 [ 69.697336] Code: c3 48 89 c1 48 c7 c7 10 97 59 82 e8 4d 4f c1 ff 0f 0b 31 c0 c3 48 89 d1 48 c7 c7 60 97 59 82 48 89 f2 48 89 c6 e8 33 4f c1 ff <0f> 0b 31 c0 c3 48 89 fe 48 89 c1 48 c7 c7 b0 97 59 82 e8 1c 4f c1 [ 69.698864] RSP: 0018:ffffc90000647e48 EFLAGS: 00010282 [ 69.699300] RAX: 0000000000000000 RBX: ffff8881079a8000 RCX: 0000000000000000 [ 69.699903] RDX: ffff88842fd27860 RSI: ffff88842fd17a50 RDI: ffff88842fd17a50 [ 69.700487] RBP: ffffffff829fa000 R08: 0000000000000003 R09: 0000000000000001 [ 69.701086] R10: ffff888100c83a60 R11: ffffc90000647c58 R12: ffff8881079b8538 [ 69.701688] R13: ffff8881079a8538 R14: ffffffff829fa980 R15: 0000000000000084 [ 69.702273] FS: 00007f2fb82c7b40(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000 [ 69.702950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.703426] CR2: 00007f2fb76bcff8 CR3: 0000000107960004 CR4: 00000000003706e0 [ 69.704019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.704601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.705200] Call Trace: [ 69.705414] sctp_init_sock+0x339/0x380 [ 69.705759] inet_create+0x1ac/0x350 [ 69.706054] __sock_create+0xfd/0x200 [ 69.706365] __sys_socket+0x55/0xd0 [ 69.706674] ? exit_to_user_mode_prepare+0x2f/0x120 [ 69.707079] __x64_sys_socket+0x11/0x20 [ 69.707398] do_syscall_64+0x33/0x40 [ 69.707715] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.708139] RIP: 0033:0x7f2fb77a7f17 ... This specific poc (stcp_race_priv_user.c) requires CAP_BPF and CAP_NET_ADMIN capabilities in order to attach the bpf program, according to https://lwn.net/Articles/820560/, this is still considered a security boundary. =*=*=*=*=*=*=*=*= TRIGGERING FROM UNPRIVILEGED USER =*=*=*=*=*=*=*=*= However, if a BPF_CGROUP_INET_SOCK_CREATE program is already attached, such that an unprivileged user can fail a creation of some sctp socket, then the vulnerability can be triggered by an unprivileged user if unprivileged user namespaces are enabled, by creating a new user and network namespace, setting "/proc/sys/net/sctp/default_auto_asconf" in the new network namespace and then racing between the 2 threads. This can be demonstrated by the following files: 1. load_bpf_prog.c - Which loads the BPF_CGROUP_INET_SOCK_CREATE, and should be run from a privileged process. 2. stcp_race_unpriv_user.c - Which can be run from a regular, unprivileged user. I haven't checked, but there are probably network security tools which attaches bpf program to BPF_CGROUP_INET_SOCK_CREATE. Regarding triggering via technique (2), which is failing sctp_sock_migrate in sctp_accept, I've tried many tricks in order to fail sctp_sock_migrate but eventually this requires failing some kmalloc or crypto calls, which I couldn't fail in a modern Ubuntu with almost the latest kernel. However, it may be possible to do that in older kernel versions, or with some other trick which I am not aware about, or if sctp_accept or sctp_sock_migrate changes in the future. Note that by triggering via this technique, the vulnerability can be triggered from an unprivileged user without the BPF_CGROUP_INET_SOCK_CREATE program attached. =*=*=*=*=*=*=*=*= TIMELINE =*=*=*=*=*=*=*=*= 2021-04-08: Bug reported to security () kernel org and linux-distros () vs openwall org 2021-04-13: Patch submitted to netdev 2021-04-17: Patch committed to mainline kernel 2021-04-18: Public announcement =*=*=*=*=*=*=*=*= CREDIT =*=*=*=*=*=*=*=*= Or Cohen Palo Alto Networks
b166a20b0738: > Fixes: 610236587600 ("bpf: Add new cgroup attach type to enable sock modifications") commit 610236587600 part of v4.10, tracking SLE12-SP4 and newer as affected
On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote: > Hello, > > This is an announcement about CVE-2021-23133 which is a race-condition > I found in Linux kernel sctp sockets (net/sctp/socket.c). It can lead to kernel > privilege escalation from the context of a network service or from > an unprivileged process if certain conditions are met. > > The bug was fixed on April 13, 2021: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b It looks that additionally https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f refer to CVE-2021-23133. Are both commits necessary? Regards, Salvatore
From: Alex Murray <alex.murray@canonical.com> On Mon, 2021-05-10 at 13:54:43 +0930, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote: > > Hello, > > > > This is an announcement about CVE-2021-23133 which is a race-condition > > I found in Linux kernel sctp sockets (net/sctp/socket.c). It can lead > > to kernel > > privilege escalation from the context of a network service or from > > an unprivileged process if certain conditions are met. > > > > The bug was fixed on April 13, 2021: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b > > It looks that additionally > https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f > refer to CVE-2021-23133. It seems b166a20b07382b8bc1dcee2a448715c9c2c81b5b got reverted in the follow-up commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/sctp/socket.c?id=01bfe5e8e428b475982a98a46cca5755726f3f7f and so 34e5b01186858b36c4d7c87e1a025071e8e2401f would appear to be the most correct fix from what I can tell.
Hi Alex, On Mon, May 10, 2021 at 03:28:02PM +0930, Alex Murray wrote: > > On Mon, 2021-05-10 at 13:54:43 +0930, Salvatore Bonaccorso wrote: > > > Hi, > > > > On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote: > > > Hello, > > > > > > This is an announcement about CVE-2021-23133 which is a race-condition > > > I found in Linux kernel sctp sockets (net/sctp/socket.c). It can > > > lead to kernel > > > privilege escalation from the context of a network service or from > > > an unprivileged process if certain conditions are met. > > > > > > The bug was fixed on April 13, 2021: > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b > > > > It looks that additionally > > https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f > > refer to CVE-2021-23133. > > It seems b166a20b07382b8bc1dcee2a448715c9c2c81b5b got reverted in the > follow-up commit > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/sctp/socket.c?id=01bfe5e8e428b475982a98a46cca5755726f3f7f > and so 34e5b01186858b36c4d7c87e1a025071e8e2401f would appear to be the > most correct fix from what I can tell. Ah right, I missed the revert of the original commit. Thanks for pointing that to me. Regards, Salvatore
can you check if the state is good, as the b6 commit seem to have been reverted?
We did not have either of the three commits in any of our branches. The issue was introduced in 4.10-rc1 by commit 610236587600 ("bpf: Add new cgroup attach type to enable sock modifications") which was not backported into any older branch so that only 4.12 and 5.3 based branches and stable are affected. Submitted 34e5b0118685 to SLE15-SP2 and cve/linux-4.12 together with blacklist entry for b166a20b0738 (so that git-fixes script does not suggest it) and both 01bfe5e8e428 and 34e5b0118685 into stable (b166a20b0738 is in 5.12 but the other two are mainline 5.13-rc1). Reassigning back to security team.
SUSE-SU-2021:1891-1: An update that solves 12 vulnerabilities and has 15 fixes is now available. Category: security (important) Bug References: 1176081,1180846,1183947,1184611,1184675,1185642,1185677,1185680,1185724,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498 CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1 SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1 SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.77.1, kgraft-patch-SLE12-SP4_Update_21-1-6.3.1 SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.77.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1887-1: An update that solves 12 vulnerabilities and has 38 fixes is now available. Category: security (important) Bug References: 1064802,1066129,1087082,1101816,1103992,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185680,1185703,1185724,1185758,1185859,1185860,1185863,1185898,1185899,1185906,1185938,1186060,1186062,1186285,1186416,1186439,1186441,1186460,1186484 CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.59.1, kernel-source-azure-4.12.14-16.59.1, kernel-syms-azure-4.12.14-16.59.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1913-1: An update that solves 12 vulnerabilities and has 52 fixes is now available. Category: security (important) Bug References: 1064802,1066129,1087082,1101816,1103992,1104353,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185677,1185680,1185703,1185724,1185758,1185827,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185906,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186416,1186439,1186441,1186452,1186460,1186484,1186487,1186498,1186573 CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.74.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.74.2, kernel-obs-build-4.12.14-122.74.1 SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.74.1, kernel-source-4.12.14-122.74.1, kernel-syms-4.12.14-122.74.1 SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.74.1, kgraft-patch-SLE12-SP5_Update_19-1-8.3.1 SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.74.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1912-1: An update that solves 12 vulnerabilities and has 15 fixes is now available. Category: security (important) Bug References: 1181161,1183405,1183738,1183947,1184611,1184675,1185642,1185680,1185725,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498 CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491 JIRA References: Sources used: SUSE Manager Server 4.0 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1 SUSE Manager Retail Branch Server 4.0 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Manager Proxy 4.0 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.92.1, kernel-livepatch-SLE15-SP1_Update_25-1-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.92.1 SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116 CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1 SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.75.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released