Bug 1186109 – VUL-0: CVE-2021-33033: kernel-source-rt,kernel-source-azure,kernel-source: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c

Bug 1186109 - (CVE-2021-33033) VUL-0: CVE-2021-33033: kernel-source-rt,kernel-source-azure,kernel-source: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c

(CVE-2021-33033)
Summary:	VUL-0: CVE-2021-33033: kernel-source-rt,kernel-source-azure,kernel-source: us...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/284322/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-33033:6.7:(AV:...
Keywords:

Depends on:
Blocks:	1186283
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-05-17 07:20 UTC by Robert Frohl
Modified:	2022-04-07 13:38 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2021-05-17 07:20:33 UTC

CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in
net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI
definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an
arbitrary value.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33033
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt
https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e

Comment 1 Robert Frohl 2021-05-17 09:24:14 UTC

ad5d07f4a9cd:
> Fixes: b1edeb102397 ("netlabel: Replace protocol/NetLabel linking with refrerence counts")
> Fixes: d7cce01504a0 ("netlabel: Add support for removing a CALIPSO DOI.")

since v2.6.28 and v4.8 respectively, tracking all kernels as affected for now.

Comment 3 Marcus Meissner 2021-05-27 14:45:07 UTC

this requires real root to be impacted, so Privleges required: High

Comment 4 Marcus Meissner 2021-08-16 12:07:24 UTC

ping

Comment 6 Michal Kubeček 2021-11-01 17:43:07 UTC

The fix has been merged or submitted (*) to all affected branches.

  introduced              b1edeb102397    v2.6.28-rc1
  fixed                   ad5d07f4a9cd    v5.12-rc3

  stable                  5.12  
  SLE15-SP4               5.12  
  SLE15-SP2               499c5a0ef71b
  cve/linux-4.12          017dde5659dd
  cve/linux-4.4           08ec772ccfaf
  cve/linux-3.0           f102f00f4521 *
  cve/linux-2.6.32        a9d3936c7da9 *

Reassigning back to security team.

Comment 9 OBSbugzilla Bot 2021-11-02 21:41:18 UTC

This is an autogenerated message for OBS integration:
This bug (1186109) was mentioned in
https://build.opensuse.org/request/show/928854 15.2 / kernel-source

Comment 16 Swamp Workflow Management 2021-11-08 14:21:44 UTC

openSUSE-SU-2021:1460-1: An update that solves 15 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1100416,1129735,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186109,1187167,1188563,1188876,1188983,1188985,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191238,1191241,1191315,1191317,1191343,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192036,1192040,1192041,1192107,1192145,1192267
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.98.1, kernel-default-5.3.18-lp152.98.1, kernel-default-base-5.3.18-lp152.98.1.lp152.8.46.1, kernel-docs-5.3.18-lp152.98.1, kernel-kvmsmall-5.3.18-lp152.98.1, kernel-obs-build-5.3.18-lp152.98.1, kernel-obs-qa-5.3.18-lp152.98.1, kernel-preempt-5.3.18-lp152.98.1, kernel-source-5.3.18-lp152.98.1, kernel-syms-5.3.18-lp152.98.1

Comment 18 Swamp Workflow Management 2021-11-09 20:18:25 UTC

SUSE-SU-2021:3642-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-rt-5.3.18-60.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-60.1, kernel-rt_debug-5.3.18-60.1, kernel-source-rt-5.3.18-60.1, kernel-syms-rt-5.3.18-60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2021-11-09 20:24:52 UTC

SUSE-SU-2021:3641-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.28.2, kernel-source-azure-5.3.18-38.28.2, kernel-syms-azure-5.3.18-38.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Swamp Workflow Management 2021-11-09 20:31:10 UTC

openSUSE-SU-2021:3641-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.28.2, kernel-source-azure-5.3.18-38.28.2, kernel-syms-azure-5.3.18-38.28.1

Comment 24 Swamp Workflow Management 2021-11-11 14:20:28 UTC

openSUSE-SU-2021:3655-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.30.1, kernel-64kb-5.3.18-59.30.1, kernel-debug-5.3.18-59.30.1, kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1, kernel-docs-5.3.18-59.30.1, kernel-kvmsmall-5.3.18-59.30.1, kernel-obs-build-5.3.18-59.30.1, kernel-obs-qa-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-syms-5.3.18-59.30.1, kernel-zfcpdump-5.3.18-59.30.1

Comment 25 Swamp Workflow Management 2021-11-11 14:40:25 UTC

SUSE-SU-2021:3655-1: An update that solves 13 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.30.1, kernel-livepatch-SLE15-SP3_Update_8-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.30.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.30.1, kernel-obs-build-5.3.18-59.30.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-syms-5.3.18-59.30.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.30.1, kernel-default-5.3.18-59.30.1, kernel-default-base-5.3.18-59.30.1.18.17.1, kernel-preempt-5.3.18-59.30.1, kernel-source-5.3.18-59.30.1, kernel-zfcpdump-5.3.18-59.30.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-11-15 17:20:39 UTC

openSUSE-SU-2021:1477-1: An update that solves 15 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1100416,1129735,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186109,1187167,1188563,1188876,1188983,1188985,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191238,1191241,1191315,1191317,1191343,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192036,1192040,1192041,1192107,1192145,1192267,1192549
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.102.1, kernel-default-5.3.18-lp152.102.1, kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1, kernel-docs-5.3.18-lp152.102.1, kernel-kvmsmall-5.3.18-lp152.102.1, kernel-obs-build-5.3.18-lp152.102.1, kernel-obs-qa-5.3.18-lp152.102.1, kernel-preempt-5.3.18-lp152.102.1, kernel-source-5.3.18-lp152.102.1, kernel-syms-5.3.18-lp152.102.1

Comment 31 Swamp Workflow Management 2021-11-16 20:21:08 UTC

SUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-livepatch-SLE15-SP3_Update_9-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.34.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2021-11-16 20:31:43 UTC

openSUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.34.1, kernel-64kb-5.3.18-59.34.1, kernel-debug-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-docs-5.3.18-59.34.1, kernel-kvmsmall-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-obs-qa-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1

Comment 33 Swamp Workflow Management 2021-11-17 14:23:16 UTC

SUSE-SU-2021:3723-1: An update that solves 14 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1094840,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190351,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1192145,1192379
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.65.1, kernel-rt_debug-4.12.14-10.65.1, kernel-source-rt-4.12.14-10.65.1, kernel-syms-rt-4.12.14-10.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2021-11-19 20:34:48 UTC

SUSE-SU-2021:3748-1: An update that solves 13 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190397,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1191888,1192145,1192267
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.98.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.98.1, kernel-obs-build-4.12.14-122.98.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kernel-source-4.12.14-122.98.1, kernel-syms-4.12.14-122.98.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kgraft-patch-SLE12-SP5_Update_25-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2021-12-01 20:24:01 UTC

SUSE-SU-2021:14849-1: An update that solves 17 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1183089,1184673,1186109,1187050,1187215,1188172,1188563,1188601,1188876,1189057,1189262,1189399,1190117,1190351,1191315,1191660,1191958,1192036,1192267,904899,905100
CVE References: CVE-2014-7841,CVE-2020-36385,CVE-2021-20265,CVE-2021-33033,CVE-2021-3542,CVE-2021-3609,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3679,CVE-2021-37159,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-source-3.0.101-108.132.1, kernel-syms-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2021-12-02 11:22:12 UTC

openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2

Comment 50 Swamp Workflow Management 2021-12-02 11:34:27 UTC

SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Swamp Workflow Management 2021-12-06 14:36:19 UTC

SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1068032,1087082,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1183089,1184673,1186109,1186390,1188172,1188325,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189706,1190023,1190025,1190067,1190117,1190159,1190276,1190349,1190351,1190601,1191193,1191315,1191790,1191958,1191961,1192781,802154
CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Swamp Workflow Management 2021-12-06 18:14:32 UTC

SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1073928,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1177666,1181158,1181854,1181855,1183089,1184673,1185726,1185727,1185758,1185973,1186109,1186390,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189420,1189706,1190022,1190023,1190025,1190067,1190117,1190159,1190194,1190349,1190351,1190601,1190717,1191193,1191315,1191790,1191801,1191958,1191961,1192267,1192400,1192775,1192781
CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.150.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Swamp Workflow Management 2021-12-07 20:22:59 UTC

SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 55 Gabriele Sonnu 2022-04-07 13:38:58 UTC

Done.