Bug 1186060 - (CVE-2021-23134) VUL-0: CVE-2021-23134: kernel-source-rt,kernel-source-azure,kernel-source: kernel: use-after-free in nfc sockets
(CVE-2021-23134)
VUL-0: CVE-2021-23134: kernel-source-rt,kernel-source-azure,kernel-source: ke...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/283962/
CVSSv3.1:SUSE:CVE-2021-23134:7.8:(AV:...
:
Depends on:
Blocks: 1186061
  Show dependency treegraph
 
Reported: 2021-05-14 13:01 UTC by Marcus Meissner
Modified: 2022-07-21 19:52 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2021-05-14 13:01:20 UTC
An use-after-free was found in the Linux kernel in the implementation of nfc sockets (in net/nfc/llcp_sock.c). This can lead to kernel privilege escalation from the context of an unprivileged user.

Reference:
https://www.openwall.com/lists/oss-security/2021/05/11/4

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d


http://seclists.org/oss-sec/2021/q2/118
https://www.openwall.com/lists/oss-security/2021/05/11/4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
Comment 1 Marcus Meissner 2021-05-14 13:05:02 UTC
seems 5.12 only?
Comment 2 Takashi Iwai 2021-05-14 13:49:38 UTC
This looks like a regression by the fixes in CVE-2020-25670 CVE-2020-25671 bsc#1178181.  So all relevant branches are affected.
Comment 3 Takashi Iwai 2021-05-14 13:55:39 UTC
Backported to SLE15-SP2, cve/linux-4.12, cve/linux-4.4 and cve/linux-3.12 branches.  Older branches are unaffected.

Reassigned back to security team.
Comment 8 OBSbugzilla Bot 2021-06-02 06:11:37 UTC
This is an autogenerated message for OBS integration:
This bug (1186060) was mentioned in
https://build.opensuse.org/request/show/896793 15.2 / kernel-source
Comment 18 Swamp Workflow Management 2021-06-08 16:20:41 UTC
SUSE-SU-2021:1891-1: An update that solves 12 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1176081,1180846,1183947,1184611,1184675,1185642,1185677,1185680,1185724,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.77.1, kernel-source-4.12.14-95.77.1, kernel-syms-4.12.14-95.77.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.77.1, kgraft-patch-SLE12-SP4_Update_21-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2021-06-08 16:30:13 UTC
SUSE-SU-2021:1890-1: An update that solves 12 vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1087082,1133021,1152457,1152489,1155518,1156395,1164648,1177666,1178378,1178418,1178612,1179519,1179825,1179827,1179851,1182257,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1183976,1184081,1184082,1184259,1184611,1184855,1185428,1185495,1185497,1185589,1185606,1185642,1185645,1185677,1185680,1185703,1185725,1185758,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185982,1185987,1185988,1186060,1186061,1186062,1186111,1186285,1186320,1186390,1186416,1186439,1186441,1186451,1186460,1186479,1186484,1186498,1186501,1186573,1186681
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.67.3, kernel-default-base-5.3.18-24.67.3.9.30.2
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-preempt-5.3.18-24.67.4
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-livepatch-SLE15-SP2_Update_14-1-5.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.67.3
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.67.3, kernel-obs-build-5.3.18-24.67.2, kernel-preempt-5.3.18-24.67.4, kernel-source-5.3.18-24.67.2, kernel-syms-5.3.18-24.67.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.67.3, kernel-default-base-5.3.18-24.67.3.9.30.2, kernel-preempt-5.3.18-24.67.4, kernel-source-5.3.18-24.67.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.67.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2021-06-08 17:01:14 UTC
SUSE-SU-2021:1887-1: An update that solves 12 vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1064802,1066129,1087082,1101816,1103992,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185680,1185703,1185724,1185758,1185859,1185860,1185863,1185898,1185899,1185906,1185938,1186060,1186062,1186285,1186416,1186439,1186441,1186460,1186484
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.59.1, kernel-source-azure-4.12.14-16.59.1, kernel-syms-azure-4.12.14-16.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2021-06-08 22:28:23 UTC
SUSE-SU-2021:1899-1: An update that solves 12 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1064802,1066129,1087082,1101816,1103992,1104353,1104427,1104745,1109837,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183947,1184081,1184082,1184611,1184855,1185428,1185481,1185680,1185703,1185724,1185758,1185827,1185901,1185906,1185938,1186060,1186111,1186390,1186416,1186439,1186441,1186452,1186460,1186498
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.46.1, kernel-rt_debug-4.12.14-10.46.1, kernel-source-rt-4.12.14-10.46.1, kernel-syms-rt-4.12.14-10.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2021-06-09 16:36:23 UTC
SUSE-SU-2021:1913-1: An update that solves 12 vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1064802,1066129,1087082,1101816,1103992,1104353,1104427,1104745,1109837,1112374,1113431,1126390,1133021,1152457,1174682,1176081,1177666,1180552,1181383,1182256,1183738,1183754,1183947,1184040,1184081,1184082,1184611,1184675,1184855,1185428,1185481,1185642,1185677,1185680,1185703,1185724,1185758,1185827,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185906,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186416,1186439,1186441,1186452,1186460,1186484,1186487,1186498,1186573
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.74.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.74.2, kernel-obs-build-4.12.14-122.74.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.74.1, kernel-source-4.12.14-122.74.1, kernel-syms-4.12.14-122.74.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.74.1, kgraft-patch-SLE12-SP5_Update_19-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2021-06-09 16:42:06 UTC
SUSE-SU-2021:1912-1: An update that solves 12 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1181161,1183405,1183738,1183947,1184611,1184675,1185642,1185680,1185725,1185859,1185860,1185862,1185863,1185898,1185899,1185901,1185938,1185950,1185987,1186060,1186061,1186062,1186111,1186285,1186390,1186484,1186498
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1, kernel-zfcpdump-4.12.14-197.92.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.92.1, kernel-livepatch-SLE15-SP1_Update_25-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.92.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.92.1, kernel-docs-4.12.14-197.92.1, kernel-obs-build-4.12.14-197.92.1, kernel-source-4.12.14-197.92.1, kernel-syms-4.12.14-197.92.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2021-06-15 16:51:55 UTC
SUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2021-07-11 16:54:18 UTC
openSUSE-SU-2021:1975-1: An update that solves 52 vulnerabilities and has 250 fixes is now available.

Category: security (important)
Bug References: 1043990,1047233,1055117,1065729,1087082,1113295,1133021,1152457,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1164648,1167260,1167574,1167773,1168777,1168838,1169709,1171295,1173485,1174416,1174426,1175995,1176447,1176774,1177028,1177326,1177411,1177437,1177666,1178089,1178134,1178163,1178181,1178330,1178378,1178418,1178612,1179243,1179454,1179458,1179519,1179825,1179827,1179851,1180100,1180197,1180814,1180846,1180980,1181104,1181161,1181383,1181507,1181674,1181862,1182077,1182257,1182377,1182378,1182552,1182574,1182591,1182613,1182712,1182713,1182715,1182716,1182717,1182999,1183022,1183048,1183069,1183077,1183095,1183120,1183203,1183249,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183289,1183310,1183311,1183312,1183313,1183314,1183315,1183316,1183317,1183318,1183319,1183320,1183321,1183322,1183323,1183324,1183325,1183326,1183346,1183366,1183369,1183386,1183405,1183412,1183427,1183428,1183445,1183447,1183491,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183658,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183815,1183843,1183859,1183868,1183871,1183873,1183932,1183947,1183976,1184074,1184081,1184082,1184120,1184167,1184168,1184170,1184171,1184176,1184192,1184193,1184194,1184196,1184197,1184198,1184199,1184208,1184209,1184211,1184217,1184218,1184219,1184220,1184224,1184259,1184264,1184386,1184388,1184391,1184393,1184436,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184611,1184615,1184650,1184710,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184769,1184811,1184855,1184893,1184934,1184942,1184943,1184952,1184953,1184955,1184957,1184969,1184984,1185010,1185041,1185110,1185113,1185233,1185269,1185365,1185428,1185454,1185472,1185491,1185495,1185497,1185549,1185550,1185558,1185573,1185581,1185586,1185587,1185589,1185606,1185640,1185641,1185642,1185645,1185670,1185677,1185680,1185703,1185725,1185736,1185758,1185796,1185840,1185857,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185954,1185980,1185982,1185987,1185988,1186009,1186060,1186061,1186062,1186111,1186118,1186219,1186285,1186320,1186349,1186352,1186353,1186354,1186355,1186356,1186357,1186390,1186401,1186408,1186416,1186439,1186441,1186451,1186460,1186467,1186479,1186484,1186498,1186501,1186512,1186573,1186681
CVE References: CVE-2019-18814,CVE-2019-19769,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20268,CVE-2021-23134,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.3.1, kernel-source-azure-5.3.18-38.3.1, kernel-syms-azure-5.3.18-38.3.1
Comment 32 Swamp Workflow Management 2021-07-20 16:37:38 UTC
SUSE-SU-2021:2406-1: An update that solves 20 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1179610,1180846,1184611,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186390,1186463,1187038,1187050,1187215,1187452,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.158.1, kernel-source-4.4.121-92.158.1, kernel-syms-4.4.121-92.158.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2021-07-21 13:23:39 UTC
SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2021-07-22 16:21:35 UTC
SUSE-SU-2021:2451-1: An update that solves 20 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1115026,1175462,1179610,1184611,1185724,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186235,1186390,1186463,1187038,1187050,1187193,1187215,1187388,1187452,1187595,1187601,1187934,1188062,1188063,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.147.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Marcus Meissner 2021-08-05 13:26:34 UTC
released