Bug 1200143 – VUL-0: CVE-2022-1975: kernel-source,kernel-source-azure,kernel-source-rt: sleep in atomic bug when firmware download timeout

Bug 1200143 - (CVE-2022-1975) VUL-0: CVE-2022-1975: kernel-source,kernel-source-azure,kernel-source-rt: sleep in atomic bug when firmware download timeout

(CVE-2022-1975)
Summary:	VUL-0: CVE-2022-1975: kernel-source,kernel-source-azure,kernel-source-rt: sle...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/333305/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-1975:4.5:(AV:A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-06-02 06:49 UTC by Robert Frohl
Modified:	2023-01-18 17:42 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2022-06-02 06:49:48 UTC

rh#2084435

The sleep-in-atomic bug in /net/nfc/netlink.c of linux that allows attacker to crash linux kernel by simulating nfc device from user-space.

[Root cause]

The root cause of this sleep-in-atomic bug is that nlmsg_new with GFP_KERNEL parameter
is called in fw_dnld_timeout which is a timer handler.

[Patch]

https://github.com/torvalds/linux/commit/4071bf121d59944d5cd2238de0642f3d7995a997

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2084435
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1975

Comment 1 Robert Frohl 2022-06-02 07:15:20 UTC

based on fixes (9674da8 && 9ea7187 ): treating v3.11 and up as affected:

- linux-4.4
- linux-4.12
- linux-5.3
- SLE15-SP4

Comment 2 Takashi Iwai 2022-06-02 07:34:20 UTC

SLE15-SP4 already contains the fix, and I updated the patch reference.
The fix was backported to for the rest, cve/linux-5.3, cve/linux-4.12 and cve/linux-4.4 branches.

Reassigned back to security team.

Comment 17 Swamp Workflow Management 2022-06-14 22:19:27 UTC

SUSE-SU-2022:2077-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1199012,1199063,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.175.2, kernel-source-4.4.121-92.175.2, kernel-syms-4.4.121-92.175.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2022-06-14 22:23:37 UTC

SUSE-SU-2022:2080-1: An update that solves 18 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1162338,1162369,1173871,1188885,1194124,1195612,1195651,1196426,1196570,1197219,1197601,1198438,1198577,1198899,1198989,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199505,1199507,1199526,1199602,1199605,1199606,1199631,1199650,1199671,1199839,1200015,1200045,1200057,1200143,1200144,1200173,1200249
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2021-39711,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-24448,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.100.2, kernel-source-azure-4.12.14-16.100.1, kernel-syms-azure-4.12.14-16.100.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2022-06-14 22:27:41 UTC

SUSE-SU-2022:2082-1: An update that solves 29 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1051510,1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1195651,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1198962,1198997,1199012,1199063,1199314,1199426,1199505,1199507,1199605,1199650,1199785,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.164.3
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2022-06-16 19:19:33 UTC

SUSE-SU-2022:2103-1: An update that solves 26 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1071995,1087082,1114648,1158266,1172456,1183723,1187055,1191647,1191958,1195651,1196367,1196426,1197219,1197343,1198400,1198516,1198577,1198687,1198742,1198776,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2019-19377,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2, kernel-zfcpdump-4.12.14-150000.150.92.2
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-livepatch-SLE15_Update_30-1-150000.1.3.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.92.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2022-06-16 19:29:30 UTC

SUSE-SU-2022:2104-1: An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594
JIRA References: SLE-18234
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-livepatch-SLE15-SP2_Update_27-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2022-06-17 13:21:20 UTC

SUSE-SU-2022:2111-1: An update that solves 30 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-livepatch-SLE15-SP1_Update_31-1-150100.3.3.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2022-06-20 13:21:08 UTC

SUSE-SU-2022:2116-1: An update that solves 17 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1162338,1162369,1173871,1188885,1194124,1195651,1196426,1196570,1197219,1197601,1198438,1198577,1198899,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199505,1199507,1199526,1199602,1199605,1199606,1199631,1199650,1199671,1199839,1200015,1200045,1200057,1200143,1200144,1200173,1200249
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2021-39711,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.124.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.124.2, kernel-obs-build-4.12.14-122.124.3
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.124.3, kernel-source-4.12.14-122.124.2, kernel-syms-4.12.14-122.124.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.124.3, kgraft-patch-SLE12-SP5_Update_32-1-8.3.3
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.124.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2022-06-24 13:18:43 UTC

SUSE-SU-2022:2172-1: An update that solves 7 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1177282,1184924,1198924,1199365,1199482,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200343,1200494,1200529,1200604
CVE References: CVE-2020-26541,CVE-2022-1012,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20141,CVE-2022-32250
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.62.1, kernel-source-azure-5.3.18-150300.38.62.1, kernel-syms-azure-5.3.18-150300.38.62.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.62.1, kernel-source-azure-5.3.18-150300.38.62.1, kernel-syms-azure-5.3.18-150300.38.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Swamp Workflow Management 2022-06-24 13:20:46 UTC

SUSE-SU-2022:2173-1: An update that solves four vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529
CVE References: CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.76.1, kernel-preempt-5.3.18-150300.59.76.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.76.1, kernel-64kb-5.3.18-150300.59.76.1, kernel-debug-5.3.18-150300.59.76.1, kernel-default-5.3.18-150300.59.76.1, kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2, kernel-docs-5.3.18-150300.59.76.1, kernel-kvmsmall-5.3.18-150300.59.76.1, kernel-obs-build-5.3.18-150300.59.76.1, kernel-obs-qa-5.3.18-150300.59.76.1, kernel-preempt-5.3.18-150300.59.76.1, kernel-source-5.3.18-150300.59.76.1, kernel-syms-5.3.18-150300.59.76.1, kernel-zfcpdump-5.3.18-150300.59.76.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.76.1, kernel-preempt-5.3.18-150300.59.76.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.76.1, kernel-livepatch-SLE15-SP3_Update_20-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.76.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.76.1, kernel-obs-build-5.3.18-150300.59.76.1, kernel-preempt-5.3.18-150300.59.76.1, kernel-source-5.3.18-150300.59.76.1, kernel-syms-5.3.18-150300.59.76.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.76.1, kernel-default-5.3.18-150300.59.76.1, kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2, kernel-preempt-5.3.18-150300.59.76.1, kernel-source-5.3.18-150300.59.76.1, kernel-zfcpdump-5.3.18-150300.59.76.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.76.1, kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.76.1, kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Swamp Workflow Management 2022-06-24 16:24:36 UTC

SUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.93.1, kernel-rt_debug-5.3.18-150300.93.1, kernel-source-rt-5.3.18-150300.93.1, kernel-syms-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2022-07-14 13:21:37 UTC

SUSE-SU-2022:2393-1: An update that solves 21 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1158266,1162338,1162369,1173871,1177282,1194013,1196901,1198577,1199426,1199487,1199507,1199657,1200059,1200143,1200144,1200249,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-4157,CVE-2022-1184,CVE-2022-1679,CVE-2022-1729,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kgraft-patch-SLE12-SP4_Update_28-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.102.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Gabriele Sonnu 2022-07-29 15:03:17 UTC

Done.

Comment 50 Swamp Workflow Management 2022-08-02 19:19:41 UTC

SUSE-SU-2022:2629-1: An update that solves 33 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1177282,1188885,1194013,1194124,1196426,1196570,1196901,1196964,1197170,1197219,1197601,1198438,1198577,1198866,1198899,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199482,1199487,1199505,1199507,1199526,1199605,1199631,1199650,1199657,1199671,1199839,1200015,1200045,1200143,1200144,1200173,1200249,1200343,1200549,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200762,1200806,1200807,1200809,1200810,1200813,1200820,1200821,1200822,1200829,1200868,1200869,1200870,1200871,1200872,1200873,1200925,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-33061,CVE-2021-39711,CVE-2021-4157,CVE-2022-1012,CVE-2022-1184,CVE-2022-1652,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1836,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.94.1, kernel-rt_debug-4.12.14-10.94.1, kernel-source-rt-4.12.14-10.94.1, kernel-syms-rt-4.12.14-10.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Swamp Workflow Management 2022-09-01 14:04:22 UTC

openSUSE-SU-2022:2173-1: An update that solves four vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529
CVE References: CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.76.1, kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2

Comment 52 Swamp Workflow Management 2022-09-01 14:21:23 UTC

openSUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1