1212051 – (CVE-2023-3111) VUL-0: CVE-2023-3111: kernel: Use after free in prepare_to_relocate in fs/btrfs/relocation.c

Bug 1212051 (CVE-2023-3111) - VUL-0: CVE-2023-3111: kernel: Use after free in prepare_to_relocate in fs/btrfs/relocation.c

Summary: VUL-0: CVE-2023-3111: kernel: Use after free in prepare_to_relocate in fs/btr...

Status:	IN_PROGRESS

Alias:	CVE-2023-3111

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/368421/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-3111:6.7:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-06 11:24 UTC by Gabriele Sonnu
Modified:	2024-06-25 17:41 UTC (History)
CC List:	12 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gabriele Sonnu 2023-06-06 11:24:57 UTC

CVE-2023-3111

A use after free vulnerability was found in prepare_to_relocate in
fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be
triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3111
https://bugzilla.redhat.com/show_bug.cgi?id=2212513
https://www.cve.org/CVERecord?id=CVE-2023-3111
https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/

Comment 1 Gabriele Sonnu 2023-06-06 11:38:13 UTC

Fixing commit:

https://github.com/torvalds/linux/commit/85f02d6c856b9f3a0acf5219de6e32f58b9778eb

Only stable branch seems to have it.
Tracking as affected:

 - SLE12-SP5
 - SLE15-SP4
 - SLE15-SP5

Code is slightly different in the older branches but btrfs_commit_transaction() return code isn't checked either, so they could also be vulnerable.

@kernel-team: can you please have a look?

Comment 2 Oscar Salvador 2023-06-07 13:15:52 UTC

@Filipe: Could you please have a look?

Comment 3 Marcus Meissner 2023-06-26 09:42:58 UTC

mandatory for Common Criteria.

reassigning back to kernel-bugs as otherwise no reaction

Comment 5 Takashi Iwai 2023-07-04 08:41:16 UTC

Can we fix this ASAP?  The submission of the next maintenance update was planned in today, and this fix is mandatory.

Adding more people to Cc for driving faster.

Comment 6 Wenruo Qu 2023-07-04 10:11:42 UTC

I'll do the backport for the 3 affected branches.

Comment 7 Filipe Manana 2023-07-04 10:27:22 UTC

I've already pushed the patches last week:

commit 6726801c9b9459d2cb72003ce0a12cf4cf1d28f5 (origin/users/fdmanana/cve/linux-4.12/for-next, cve/linux-4.12)
Author: Filipe Manana <fdmanana@suse.com>
Date:   Thu Jun 29 14:19:17 2023 +0100

    btrfs: unset reloc control if transaction commit fails in
    prepare_to_relocate() (bsc#1212051 CVE-2023-3111).


commit 8d5436704bf87a39d4b5d28235c93d2b8ede1001 (HEAD -> SLE15-SP4, origin/users/fdmanana/SLE15-SP4/for-next)
Author: Filipe Manana <fdmanana@suse.com>
Date:   Thu Jun 29 11:54:41 2023 +0100

    btrfs: unset reloc control if transaction commit fails in
    prepare_to_relocate() (bsc#1212051 CVE-2023-3111).

Comment 8 Takashi Iwai 2023-07-04 10:34:37 UTC

Ah OK, then we should be fine.  SLE12-SP5 will get the fix via cve/linux-4.12 and SLE15-SP5 from SLE15-SP4.  If all branches are covered with those, please reassign back to security team.

Comment 9 Filipe Manana 2023-07-04 10:38:50 UTC

(In reply to Takashi Iwai from comment #8)
> Ah OK, then we should be fine.  SLE12-SP5 will get the fix via
> cve/linux-4.12 and SLE15-SP5 from SLE15-SP4.  If all branches are covered
> with those, please reassign back to security team.

It made its way to SLE15-SP5 through the auto-merge from SLE15-SP4.
But it hasn't made its way from cve/linux-4.12 to SLE12-SP5 yet... Don't know why the auto-merge is taking days for SLE12-SP5 - it's quick with SLE15-SP5.

Comment 10 Takashi Iwai 2023-07-04 10:57:42 UTC

The auto-merge can't work in most cases unfortunately because of merge conflicts, hence usually branch maintainers have to do resolve manually.  So it depends on branch maintainers how quickly doing the merge.

Comment 21 Maintenance Automation 2023-07-10 16:30:03 UTC

SUSE-SU-2023:2803-1: An update that solves seven vulnerabilities, contains one feature and has 10 fixes can now be installed.

Category: security (important)
Bug References: 1187829, 1194869, 1210335, 1212051, 1212265, 1212603, 1212605, 1212606, 1212619, 1212701, 1212741, 1212835, 1212838, 1212842, 1212861, 1212869, 1212892
CVE References: CVE-2023-1829, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389
Jira References: SLE-19253
Sources used:
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_9-1-150400.1.3.1
SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.40.1, kernel-syms-rt-5.14.21-150400.15.40.1
openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.40.1, kernel-syms-rt-5.14.21-150400.15.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Maintenance Automation 2023-07-10 16:30:22 UTC

SUSE-SU-2023:2804-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.130.1, kernel-syms-rt-4.12.14-10.130.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Maintenance Automation 2023-07-11 16:32:51 UTC

SUSE-SU-2023:2808-1: An update that solves 13 vulnerabilities and has 21 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1174852, 1190317, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1211519, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Maintenance Automation 2023-07-13 15:44:51 UTC

SUSE-SU-2023:2820-1: An update that solves 16 vulnerabilities, contains two features and has 34 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1152489, 1160435, 1187829, 1189998, 1194869, 1205758, 1208410, 1208600, 1209039, 1209367, 1210335, 1211299, 1211346, 1211387, 1211410, 1211449, 1211796, 1211852, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212701, 1212741, 1212835, 1212838, 1212842, 1212861, 1212869, 1212892
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-3931, SLE-19253
Sources used:
Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1, kernel-source-5.14.21-150400.24.69.1
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.69.1, kernel-obs-build-5.14.21-150400.24.69.1, kernel-source-5.14.21-150400.24.69.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_14-1-150400.9.3.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
openSUSE Leap 15.4 (src): kernel-obs-build-5.14.21-150400.24.69.1, kernel-source-5.14.21-150400.24.69.1, kernel-syms-5.14.21-150400.24.69.1, kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1, kernel-obs-qa-5.14.21-150400.24.69.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Maintenance Automation 2023-07-14 11:08:42 UTC

SUSE-SU-2023:2822-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_45-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.165.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Maintenance Automation 2023-07-14 13:14:50 UTC

SUSE-SU-2023:2830-1: An update that solves 12 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1160435, 1198400, 1208604, 1209039, 1209779, 1210533, 1211449, 1212051, 1212128, 1212129, 1212154, 1212158, 1212501, 1212502, 1212606, 1212842
CVE References: CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_42-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Maintenance Automation 2023-07-14 13:15:13 UTC

SUSE-SU-2023:2831-1: An update that solves 16 vulnerabilities, contains one feature and has 33 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1152489, 1160435, 1187829, 1189998, 1194869, 1205758, 1208410, 1208600, 1209039, 1209367, 1210335, 1211299, 1211346, 1211387, 1211410, 1211796, 1211852, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212701, 1212741, 1212835, 1212838, 1212842, 1212861, 1212869, 1212892
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-3931
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.55.1, kernel-syms-azure-5.14.21-150400.14.55.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.55.1, kernel-syms-azure-5.14.21-150400.14.55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Maintenance Automation 2023-07-18 16:33:05 UTC

SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Maintenance Automation 2023-07-19 20:34:52 UTC

SUSE-SU-2023:2892-1: An update that solves 15 vulnerabilities, contains one feature and has 85 fixes can now be installed.

Category: security (important)
Bug References: 1187829, 1189998, 1194869, 1205758, 1208410, 1209039, 1209780, 1210335, 1210565, 1210584, 1210853, 1211014, 1211346, 1211400, 1211410, 1211794, 1211852, 1212051, 1212265, 1212350, 1212405, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2023-1249, CVE-2023-1829, CVE-2023-2430, CVE-2023-28866, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3220, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-3931
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.6.1, kernel-source-azure-5.14.21-150500.33.6.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.6.1, kernel-source-azure-5.14.21-150500.33.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 40 Maintenance Automation 2023-08-14 08:30:13 UTC

SUSE-SU-2023:3302-1: An update that solves 28 vulnerabilities, contains two features and has 115 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1187829, 1193629, 1194869, 1206418, 1207129, 1207894, 1207948, 1208788, 1210335, 1210565, 1210584, 1210627, 1210780, 1210825, 1210853, 1211014, 1211131, 1211243, 1211738, 1211811, 1211867, 1212051, 1212256, 1212265, 1212301, 1212445, 1212456, 1212502, 1212525, 1212603, 1212604, 1212685, 1212766, 1212835, 1212838, 1212842, 1212846, 1212848, 1212861, 1212869, 1212892, 1212901, 1212905, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134, 1213167, 1213205, 1213206, 1213226, 1213233, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213272, 1213286, 1213287, 1213304, 1213417, 1213493, 1213523, 1213524, 1213533, 1213543, 1213578, 1213585, 1213586, 1213588, 1213601, 1213620, 1213632, 1213653, 1213705, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871, 1213872
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-1829, CVE-2023-20569, CVE-2023-20593, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-2430, CVE-2023-2985, CVE-2023-3090, CVE-2023-31083, CVE-2023-3111, CVE-2023-3117, CVE-2023-31248, CVE-2023-3212, CVE-2023-3268, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-38409, CVE-2023-3863, CVE-2023-4004
Jira References: PED-4718, PED-4758
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Maintenance Automation 2023-09-14 12:31:22 UTC

SUSE-SU-2023:3601-1: An update that solves 16 vulnerabilities, contains one feature and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1120059, 1203517, 1210327, 1210448, 1212051, 1213543, 1213546, 1213601, 1213666, 1213899, 1213904, 1213906, 1213908, 1213910, 1213911, 1213912, 1213921, 1213927, 1213969, 1213970, 1213971, 1214019, 1214149, 1214157, 1214209, 1214233, 1214299, 1214335, 1214348, 1214350, 1214451, 1214453, 1214752, 1214928, 1215028, 1215032, 1215034, 1215035, 1215036, 1215037, 1215038, 1215041, 1215046, 1215049, 1215057
CVE References: CVE-2022-36402, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459
Jira References: PED-4579
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.141.1, kernel-source-rt-4.12.14-10.141.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Maintenance Automation 2023-09-19 16:31:08 UTC

SUSE-SU-2023:3681-1: An update that solves 16 vulnerabilities, contains two features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1120059, 1203517, 1210327, 1210448, 1212051, 1213543, 1213546, 1213601, 1213666, 1213899, 1213904, 1213906, 1213908, 1213910, 1213911, 1213912, 1213921, 1213927, 1213969, 1213970, 1213971, 1214019, 1214149, 1214157, 1214209, 1214233, 1214299, 1214335, 1214348, 1214350, 1214451, 1214453, 1214752, 1214928, 1215028, 1215032, 1215034, 1215035, 1215036, 1215037, 1215038, 1215041, 1215046, 1215049, 1215057
CVE References: CVE-2022-36402, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459
Jira References: PED-4579, SLE-18779
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.149.1, kernel-syms-azure-4.12.14-16.149.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.149.1, kernel-syms-azure-4.12.14-16.149.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.149.1, kernel-syms-azure-4.12.14-16.149.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Maintenance Automation 2023-09-20 12:30:02 UTC

SUSE-SU-2023:3705-1: An update that solves 16 vulnerabilities, contains two features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1120059, 1203517, 1210327, 1210448, 1212051, 1213543, 1213546, 1213601, 1213666, 1213899, 1213904, 1213906, 1213908, 1213910, 1213911, 1213912, 1213921, 1213927, 1213969, 1213970, 1213971, 1214019, 1214149, 1214157, 1214209, 1214233, 1214299, 1214335, 1214348, 1214350, 1214451, 1214453, 1214752, 1214928, 1215028, 1215032, 1215034, 1215035, 1215036, 1215037, 1215038, 1215041, 1215046, 1215049, 1215057
CVE References: CVE-2022-36402, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459
Jira References: PED-4579, SLE-18779
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_48-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.176.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.176.1, kernel-source-4.12.14-122.176.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.176.1, kernel-source-4.12.14-122.176.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.176.1, kernel-source-4.12.14-122.176.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 60 Maintenance Automation 2023-11-02 16:30:22 UTC

SUSE-SU-2023:4348-1: An update that solves 11 vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1210778, 1210853, 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051, 1216134
CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862
Sources used:
openSUSE Leap 15.3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2, kernel-obs-qa-5.3.18-150300.59.141.1, kernel-source-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 61 Maintenance Automation 2023-11-03 16:30:20 UTC

SUSE-SU-2023:4358-1: An update that solves nine vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046
CVE References: CVE-2023-2163, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 62 Maintenance Automation 2023-11-06 16:30:02 UTC

SUSE-SU-2023:4377-1: An update that solves 10 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1210778, 1210853, 1212051, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051, 1216134
CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-3111, CVE-2023-34324, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_42-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 66 Maintenance Automation 2024-01-17 12:36:42 UTC

SUSE-SU-2024:0112-1: An update that solves 13 vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1179610, 1205762, 1210778, 1212051, 1212703, 1215237, 1215858, 1215860, 1216046, 1216058, 1216976, 1217947, 1218253, 1218559
CVE References: CVE-2020-26555, CVE-2022-45887, CVE-2023-1206, CVE-2023-31085, CVE-2023-3111, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39197, CVE-2023-45863, CVE-2023-51779, CVE-2023-6606, CVE-2023-6932
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.