1208995 – (CVE-2023-1192) VUL-0: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout()

Bug 1208995 (CVE-2023-1192) - VUL-0: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout()

Summary: VUL-0: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout()

Status:	RESOLVED FIXED

Alias:	CVE-2023-1192

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/359331/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-1192:6.5:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-03-07 08:02 UTC by Robert Frohl
Modified:	2024-06-25 17:31 UTC (History)
CC List:	10 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2023-03-07 08:02:45 UTC

CVE-2023-1192



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1192
https://bugzilla.redhat.com/show_bug.cgi?id=2154178

Comment 1 Robert Frohl 2023-03-07 08:05:17 UTC

from RH:

> The use-after-free in smb2_is_status_io_timeout()
> 
> Local variable points to memory region which may be freed in other thread.

Comment 10 Oscar Salvador 2023-06-07 13:40:42 UTC

Any updates on this one Robert?

Comment 19 Jan Kara 2023-08-31 12:10:21 UTC

OK, Paolo can you go ahead and backport these fixes please? And maybe ping upstream maintainer about them as well?

Comment 20 Paulo Alcantara 2023-09-01 15:28:44 UTC

(In reply to Jan Kara from comment #19)
> OK, Paolo can you go ahead and backport these fixes please? And maybe ping
> upstream maintainer about them as well?

I pinged Steve once more and hopefully he'll merge it upstream.  I'll backport it to all affected SLES kernels.

Comment 34 Paulo Alcantara 2023-10-02 22:32:49 UTC

Reassign to security team to close it.

Comment 40 Maintenance Automation 2023-10-05 16:29:16 UTC

SUSE-SU-2023:3988-1: An update that solves 24 vulnerabilities, contains 10 features and has 64 security fixes can now be installed.

Category: security (important)
Bug References: 1023051, 1065729, 1120059, 1177719, 1187236, 1188885, 1193629, 1194869, 1203329, 1203330, 1205462, 1206453, 1208902, 1208949, 1208995, 1209284, 1209799, 1210048, 1210169, 1210448, 1210643, 1211220, 1212091, 1212142, 1212423, 1212526, 1212857, 1212873, 1213026, 1213123, 1213546, 1213580, 1213601, 1213666, 1213733, 1213757, 1213759, 1213916, 1213921, 1213927, 1213946, 1213949, 1213968, 1213970, 1213971, 1214000, 1214019, 1214073, 1214120, 1214149, 1214180, 1214233, 1214238, 1214285, 1214297, 1214299, 1214305, 1214350, 1214368, 1214370, 1214371, 1214372, 1214380, 1214386, 1214392, 1214393, 1214397, 1214404, 1214428, 1214451, 1214635, 1214659, 1214661, 1214727, 1214729, 1214742, 1214743, 1214756, 1214813, 1214873, 1214928, 1214976, 1214988, 1215123, 1215124, 1215148, 1215221, 1215523
CVE References: CVE-2022-38457, CVE-2022-40133, CVE-2023-1192, CVE-2023-1859, CVE-2023-2007, CVE-2023-20588, CVE-2023-2177, CVE-2023-34319, CVE-2023-3610, CVE-2023-37453, CVE-2023-3772, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4133, CVE-2023-4134, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-4387, CVE-2023-4459, CVE-2023-4563, CVE-2023-4569, CVE-2023-4881
Jira References: PED-2023, PED-2025, PED-3924, PED-4579, PED-4759, PED-4927, PED-4929, PED-5738, PED-6003, PED-6004
Sources used:
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.18.1, kernel-source-rt-5.14.21-150500.13.18.1
openSUSE Leap 15.5 (src): kernel-syms-rt-5.14.21-150500.13.18.1, kernel-livepatch-SLE15-SP5-RT_Update_5-1-150500.11.3.1, kernel-source-rt-5.14.21-150500.13.18.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_5-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 50 Maintenance Automation 2023-10-10 16:35:13 UTC

SUSE-SU-2023:4031-1: An update that solves 13 vulnerabilities, contains one feature and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109837, 1152446, 1154048, 1207168, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954
CVE References: CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_49-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.179.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Maintenance Automation 2023-10-10 16:35:22 UTC

SUSE-SU-2023:4030-1: An update that solves 13 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1207036, 1208995, 1210169, 1210643, 1212703, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_41-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Maintenance Automation 2023-10-10 16:35:31 UTC

SUSE-SU-2023:4033-1: An update that solves 12 vulnerabilities and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109837, 1152446, 1154048, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.144.1, kernel-source-rt-4.12.14-10.144.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Maintenance Automation 2023-10-10 16:35:45 UTC

SUSE-SU-2023:4028-1: An update that solves eight vulnerabilities and contains one feature can now be installed.

Category: security (important)
Bug References: 1208600, 1208995, 1210448, 1213666, 1213927, 1214348, 1214451, 1215115
CVE References: CVE-2023-1077, CVE-2023-1192, CVE-2023-2007, CVE-2023-20588, CVE-2023-3772, CVE-2023-4385, CVE-2023-4459, CVE-2023-4623
Jira References: PED-4579
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-syms-3.0.101-108.147.1, kernel-source-3.0.101-108.147.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-syms-3.0.101-108.147.1, kernel-source-3.0.101-108.147.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 54 Maintenance Automation 2023-10-12 12:46:26 UTC

SUSE-SU-2023:4058-1: An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1187236, 1201284, 1202845, 1206453, 1208995, 1210169, 1210643, 1210658, 1212639, 1212703, 1213123, 1213534, 1213808, 1214022, 1214037, 1214040, 1214233, 1214351, 1214479, 1214543, 1214635, 1214813, 1214873, 1214928, 1214940, 1214941, 1214942, 1214943, 1214944, 1214945, 1214946, 1214947, 1214948, 1214949, 1214950, 1214951, 1214952, 1214953, 1214954, 1214955, 1214957, 1214958, 1214959, 1214961, 1214962, 1214963, 1214964, 1214965, 1214966, 1214967, 1214986, 1214988, 1214990, 1214991, 1214992, 1214993, 1214995, 1214997, 1214998, 1215115, 1215117, 1215123, 1215124, 1215148, 1215150, 1215221, 1215275, 1215322, 1215467, 1215523, 1215581, 1215752, 1215858, 1215860, 1215861, 1215875, 1215877, 1215894, 1215895, 1215896, 1215899, 1215911, 1215915, 1215916, 1215941, 1215956, 1215957
CVE References: CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345
Jira References: PED-1549, PED-2023, PED-2025
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 56 Maintenance Automation 2023-10-17 16:30:20 UTC

SUSE-SU-2023:4095-1: An update that solves 14 vulnerabilities and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1176588, 1202845, 1207036, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_37-1-150300.7.5.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Proxy 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Retail Branch Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 58 Maintenance Automation 2023-10-20 12:30:08 UTC

SUSE-SU-2023:4142-1: An update that solves 13 vulnerabilities and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1176588, 1202845, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 61 Maintenance Automation 2023-11-02 16:30:09 UTC

SUSE-SU-2023:4347-1: An update that solves 17 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1208995, 1210169, 1210778, 1212703, 1214233, 1214380, 1214386, 1215115, 1215117, 1215221, 1215275, 1215299, 1215467, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-42754, CVE-2023-45862, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_45-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE CaaS Platform 4.0 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 65 Maintenance Automation 2024-04-26 16:30:04 UTC

SUSE-SU-2024:1454-1: An update that solves 114 vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220411, 1220413, 1220442, 1220445, 1220468, 1220484, 1220521, 1220528, 1220529, 1220532, 1220536, 1220554, 1220556, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220625, 1220631, 1220638, 1220640, 1220641, 1220662, 1220669, 1220687, 1220692, 1220697, 1220703, 1220706, 1220739, 1220743, 1220745, 1220749, 1220751, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220969, 1221044, 1221058, 1221061, 1221077, 1221088, 1221293, 1221532, 1221534, 1221541, 1221548, 1221575, 1221605, 1221606, 1221608, 1221830, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221989, 1221991, 1221992, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-46909, CVE-2021-46921, CVE-2021-46930, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46958, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46981, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47006, CVE-2021-47013, CVE-2021-47015, CVE-2021-47020, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47153, CVE-2021-47161, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52500, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33232](https://smelt.suse.de/incident/33232/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_47-1-150200.5.3.3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-syms-5.3.18-150200.24.188.1, kernel-source-5.3.18-150200.24.188.1, kernel-default-base-5.3.18-150200.24.188.1.150200.9.95.3, kernel-obs-build-5.3.18-150200.24.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 66 Maintenance Automation 2024-05-03 08:30:57 UTC

SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 67 Maintenance Automation 2024-05-03 08:37:29 UTC

SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.