Bug 1204059 (CVE-2022-42720) - VUL-0: CVE-2022-42720: kernel: remote crash/code execution due to refcounting bugs in multi-BSS handling
Summary: VUL-0: CVE-2022-42720: kernel: remote crash/code execution due to refcounting...
Status: RESOLVED FIXED
Alias: CVE-2022-42720
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/344278/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-42720:7.5:(AV:...
Keywords:
Depends on: 1204291
Blocks:
  Show dependency treegraph
 
Reported: 2022-10-05 15:10 UTC by Marcus Meissner
Modified: 2025-02-27 06:10 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE-2022-42720-fix.patch (3.20 KB, patch)
2022-10-10 11:35 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 10 Robert Frohl 2022-10-13 12:44:13 UTC
wifi: cfg80211: fix BSS refcounting bugs
There are multiple refcounting bugs related to multi-BSSID:
 - In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
   the bss pointer is overwritten before checking for the
   transmitted BSS, which is clearly wrong. Fix this by using
   the bss_from_pub() macro.

 - In cfg80211_bss_update() we copy the transmitted_bss pointer
   from tmp into new, but then if we release new, we'll unref
   it erroneously. We already set the pointer and ref it, but
   need to NULL it since it was copied from the tmp data.

 - In cfg80211_inform_single_bss_data(), if adding to the non-
   transmitted list fails, we unlink the BSS and yet still we
   return it, but this results in returning an entry without
   a reference. We shouldn't return it anyway if it was broken
   enough to not get added there.

This fixes CVE-2022-42720.

https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
Comment 16 Takashi Iwai 2022-10-18 07:08:41 UTC
Reassigned back to security team.
Comment 20 Swamp Workflow Management 2022-10-24 16:22:32 UTC
SUSE-SU-2022:3704-1: An update that solves 15 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1177471,1199564,1200288,1201309,1201310,1202095,1202385,1202677,1202960,1203552,1203622,1203769,1203770,1203987,1203992,1204051,1204059,1204060
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721
JIRA References: PED-529
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-livepatch-SLE15-SP2_Update_31-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2022-10-26 14:16:07 UTC
SUSE-SU-2022:3775-1: An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available.

Category: security (important)
Bug References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.98.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.98.1, kernel-64kb-5.3.18-150300.59.98.1, kernel-debug-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-docs-5.3.18-150300.59.98.1, kernel-kvmsmall-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-obs-qa-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-livepatch-SLE15-SP3_Update_25-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-10-31 14:33:57 UTC
SUSE-SU-2022:3809-1: An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1152489,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200288,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201489,1201610,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202638,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203117,1203135,1203136,1203137,1203159,1203290,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203802,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3169,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.106.1, kernel-rt_debug-5.3.18-150300.106.1, kernel-source-rt-5.3.18-150300.106.1, kernel-syms-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2022-11-01 23:25:05 UTC
SUSE-SU-2022:3844-1: An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available.

Category: security (important)
Bug References: 1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-387,PED-529,PED-652,PED-664,PED-682,PED-688,PED-720,PED-729,PED-755,PED-763,SLE-19924,SLE-24814
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.28.1, kernel-64kb-5.14.21-150400.24.28.1, kernel-debug-5.14.21-150400.24.28.1, kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5, kernel-docs-5.14.21-150400.24.28.1, kernel-kvmsmall-5.14.21-150400.24.28.1, kernel-obs-build-5.14.21-150400.24.28.1, kernel-obs-qa-5.14.21-150400.24.28.1, kernel-source-5.14.21-150400.24.28.1, kernel-syms-5.14.21-150400.24.28.1, kernel-zfcpdump-5.14.21-150400.24.28.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1, kernel-livepatch-SLE15-SP4_Update_4-1-150400.9.3.5
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.28.1, kernel-obs-build-5.14.21-150400.24.28.1, kernel-source-5.14.21-150400.24.28.1, kernel-syms-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.28.1, kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5, kernel-source-5.14.21-150400.24.28.1, kernel-zfcpdump-5.14.21-150400.24.28.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-11-08 14:33:45 UTC
SUSE-SU-2022:3897-1: An update that solves 33 vulnerabilities, contains one feature and has 15 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1152489,1196018,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203290,1203387,1203391,1203496,1203514,1203770,1203802,1204051,1204053,1204059,1204060,1204125,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3623,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750
JIRA References: PED-1931
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.83.1, kernel-source-azure-5.3.18-150300.38.83.1, kernel-syms-azure-5.3.18-150300.38.83.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.83.1, kernel-source-azure-5.3.18-150300.38.83.1, kernel-syms-azure-5.3.18-150300.38.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-11-15 20:25:04 UTC
SUSE-SU-2022:3998-1: An update that solves 37 vulnerabilities, contains 25 features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203701,1203767,1203770,1203802,1203922,1203979,1204017,1204051,1204059,1204060,1204125,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970
CVE References: CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1649,PED-634,PED-676,PED-678,PED-679,PED-707,PED-732,PED-813,PED-817,PED-822,PED-825,PED-833,PED-842,PED-846,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-9246
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.21.2, kernel-source-azure-5.14.21-150400.14.21.1, kernel-syms-azure-5.14.21-150400.14.21.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.21.2, kernel-source-azure-5.14.21-150400.14.21.1, kernel-syms-azure-5.14.21-150400.14.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2022-12-23 15:20:52 UTC
SUSE-SU-2022:4617-1: An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1071995,1152472,1152489,1156395,1164051,1177471,1184350,1185032,1188238,1189297,1189999,1190256,1190497,1190969,1192968,1193629,1194023,1194592,1194869,1194904,1195480,1195917,1196018,1196444,1196616,1196632,1196867,1196869,1197158,1197391,1197659,1197755,1197756,1197757,1197763,1198189,1198410,1198577,1198702,1198971,1199086,1199364,1199515,1199670,1199904,1200015,1200058,1200268,1200288,1200301,1200313,1200431,1200465,1200494,1200544,1200567,1200622,1200644,1200651,1200692,1200788,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201309,1201310,1201361,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201726,1201768,1201865,1201940,1201941,1201948,1201954,1201956,1201958,1202095,1202096,1202097,1202113,1202131,1202154,1202187,1202262,1202265,1202312,1202341,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202623,1202636,1202672,1202681,1202685,1202686,1202700,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202874,1202898,1202914,1202960,1202989,1202992,1202993,1203002,1203008,1203036,1203039,1203041,1203063,1203066,1203067,1203098,1203101,1203107,1203116,1203117,1203138,1203139,1203159,1203183,1203197,1203208,1203229,1203263,1203290,1203338,1203360,1203361,1203389,1203391,1203410,1203435,1203505,1203511,1203514,1203552,1203606,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203802,1203829,1203893,1203902,1203906,1203908,1203922,1203935,1203939,1203960,1203969,1203987,1203992,1203994,1204017,1204051,1204059,1204060,1204092,1204125,1204132,1204142,1204166,1204168,1204170,1204171,1204183,1204228,1204241,1204289,1204290,1204291,1204292,1204353,1204354,1204355,1204402,1204405,1204413,1204414,1204415,1204417,1204424,1204428,1204431,1204432,1204439,1204470,1204479,1204486,1204498,1204533,1204569,1204574,1204575,1204576,1204619,1204624,1204631,1204635,1204636,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204745,1204753,1204780,1204810,1204850,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205257,1205264,1205282,1205313,1205331,1205332,1205427,1205428,1205473,1205496,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,1206391
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-1263,CVE-2022-1882,CVE-2022-20368,CVE-2022-20369,CVE-2022-2153,CVE-2022-2586,CVE-2022-2588,CVE-2022-2602,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-28748,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-3028,CVE-2022-3078,CVE-2022-3114,CVE-2022-3169,CVE-2022-3176,CVE-2022-3202,CVE-2022-32250,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3566,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3635,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3707,CVE-2022-3903,CVE-2022-39188,CVE-2022-39189,CVE-2022-39190,CVE-2022-40476,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-4129,CVE-2022-4139,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1573,PED-1649,PED-1706,PED-1936,PED-2684,PED-387,PED-529,PED-611,PED-634,PED-652,PED-664,PED-676,PED-678,PED-679,PED-682,PED-688,PED-707,PED-720,PED-729,PED-732,PED-755,PED-763,PED-813,PED-817,PED-822,PED-824,PED-825,PED-833,PED-842,PED-846,PED-849,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-18130,SLE-19359,SLE-19924,SLE-20183,SLE-23766,SLE-24572,SLE-24682,SLE-24814,SLE-9246
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_1-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.