Bug 1216058 (CVE-2023-45863) - VUL-0: CVE-2023-45863: kernel: renaming a network device can cause a buffer overflow on the kernel heap, upstream 3bb2a01caa81
Summary: VUL-0: CVE-2023-45863: kernel: renaming a network device can cause a buffer o...
Status: NEW
Alias: CVE-2023-45863
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/381154/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-45863:6.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-09 13:49 UTC by Oliver Neukum
Modified: 2024-01-30 12:21 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2023-10-09 13:49:53 UTC 
This is from upstream:

commit 3bb2a01caa813d3a1845d378bbe4169ef280d394
Author: Wang Hai <wanghai38@huawei.com>
Date:   Tue Dec 20 09:21:43 2022 +0800

    kobject: Fix slab-out-of-bounds in fill_kobj_path()
    
    In kobject_get_path(), if kobj->name is changed between calls
    get_kobj_path_length() and fill_kobj_path() and the length becomes
    longer, then fill_kobj_path() will have an out-of-bounds bug.
    
    The actual current problem occurs when the ixgbe probe.
    
    In ixgbe_mii_bus_init(), if the length of netdev->dev.kobj.name
    length becomes longer, out-of-bounds will occur.

--

This is not a very serious issue, because you need root rights, but this is a race condition which allows you to cause a heap overflow in kernel space, which is technically a security issue.
Comment 3 Robert Frohl 2023-10-15 13:26:27 UTC 
got assigned CVE-2023-45863
Comment 10 Joey Lee 2023-11-24 07:32:44 UTC 
Status update:

- cve/linux-3.0     [wait merge]
- cve/linux-4.4     [wait merge]
- cve/linux-4.12    [DONE]
- cve/linux-5.3     [wait merge]
- SLE15-SP4         [wait merge]
- SLE15-SP5         [wait merge]
Comment 29 Maintenance Automation 2023-12-12 16:30:03 UTC 
SUSE-SU-2023:4732-1: An update that solves 15 vulnerabilities, contains three features and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1207948, 1210447, 1212649, 1214286, 1214700, 1214840, 1214976, 1215095, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216621, 1216687, 1216693, 1216759, 1216761, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-3777, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46813, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1, kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Maintenance Automation 2023-12-12 16:30:15 UTC 
SUSE-SU-2023:4731-1: An update that solves 12 vulnerabilities, contains three features and has 28 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1189998, 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216761, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.62.1, kernel-syms-rt-5.14.21-150400.15.62.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_16-1-150400.1.3.1
SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.62.1, kernel-syms-rt-5.14.21-150400.15.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Maintenance Automation 2023-12-12 16:30:26 UTC 
SUSE-SU-2023:4735-1: An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.154.1, kernel-syms-rt-4.12.14-10.154.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Maintenance Automation 2023-12-12 16:30:32 UTC 
SUSE-SU-2023:4734-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.26.1, kernel-source-azure-5.14.21-150500.33.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Maintenance Automation 2023-12-12 16:30:42 UTC 
SUSE-SU-2023:4733-1: An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1215371, 1216058, 1216259, 1216584, 1216965, 1216976, 1217140, 1217332, 1217408, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Maintenance Automation 2023-12-12 16:30:48 UTC 
SUSE-SU-2023:4730-1: An update that solves 13 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1207948, 1210447, 1214286, 1214700, 1214840, 1214976, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216687, 1216693, 1216759, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-5.14.21-150500.55.39.1, kernel-source-5.14.21-150500.55.39.1, kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1, kernel-obs-build-5.14.21-150500.55.39.1, kernel-obs-qa-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.39.1, kernel-syms-5.14.21-150500.55.39.1, kernel-obs-build-5.14.21-150500.55.39.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_8-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2023-12-13 16:30:06 UTC 
SUSE-SU-2023:4784-1: An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_51-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.186.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Maintenance Automation 2023-12-13 16:30:11 UTC 
SUSE-SU-2023:4783-1: An update that solves seven vulnerabilities, contains two features and has five security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1216058, 1216259, 1216584, 1216965, 1216976, 1217332, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_43-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Maintenance Automation 2023-12-13 16:30:48 UTC 
SUSE-SU-2023:4782-1: An update that solves 12 vulnerabilities, contains three features and has 25 security fixes can now be installed.

Category: security (important)
Bug References: 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.75.1, kernel-syms-azure-5.14.21-150400.14.75.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.75.1, kernel-syms-azure-5.14.21-150400.14.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Maintenance Automation 2023-12-13 20:30:26 UTC 
SUSE-SU-2023:4811-1: An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1215371, 1216058, 1216259, 1216584, 1216965, 1216976, 1217140, 1217332, 1217408, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:
openSUSE Leap 15.3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-livepatch-SLE15-SP3_Update_39-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-obs-qa-5.3.18-150300.59.144.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_39-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Enterprise Storage 7.1 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Maintenance Automation 2023-12-13 20:30:33 UTC 
SUSE-SU-2023:4810-1: An update that solves 12 vulnerabilities, contains three features and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210447, 1214286, 1214976, 1215124, 1215292, 1215420, 1215458, 1215710, 1216058, 1216105, 1216259, 1216584, 1216693, 1216759, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217124, 1217140, 1217195, 1217200, 1217205, 1217332, 1217366, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780
CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
Jira References: PED-3184, PED-5021, PED-7237
Sources used:
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.100.1, kernel-obs-build-5.14.21-150400.24.100.2, kernel-syms-5.14.21-150400.24.100.1, kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2, kernel-source-5.14.21-150400.24.100.2, kernel-livepatch-SLE15-SP4_Update_21-1-150400.9.3.2
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2, kernel-source-5.14.21-150400.24.100.2
Development Tools Module 15-SP4 (src): kernel-source-5.14.21-150400.24.100.2, kernel-obs-build-5.14.21-150400.24.100.2, kernel-syms-5.14.21-150400.24.100.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_21-1-150400.9.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Maintenance Automation 2023-12-15 12:30:01 UTC 
SUSE-SU-2023:4882-1: An update that solves seven vulnerabilities, contains two features and has one security fix can now be installed.

Category: security (important)
Bug References: 1084909, 1208787, 1210780, 1216058, 1216259, 1216584, 1216965, 1216976
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_46-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2023-12-15 12:30:08 UTC 
SUSE-SU-2023:4883-1: An update that solves seven vulnerabilities, contains two features and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Joey Lee 2024-01-02 07:23:54 UTC 
(In reply to Joey Lee from comment #10)
> Status update:
> 
> - cve/linux-3.0     [wait merge]
> - cve/linux-4.4     [wait merge]
> - cve/linux-4.12    [DONE]
> - cve/linux-5.3     [wait merge]
> - SLE15-SP4         [wait merge]
> - SLE15-SP5         [wait merge]

Status update:

- cve/linux-3.0     [DONE]
- cve/linux-4.4     [wait merge]
- cve/linux-4.12    [DONE]
- cve/linux-5.3     [DONE]
- SLE15-SP4         [DONE]
- SLE15-SP5         [DONE]
Comment 44 Joey Lee 2024-01-03 14:31:09 UTC 
(In reply to Joey Lee from comment #43)
> (In reply to Joey Lee from comment #10)
> > Status update:
> > 
> > - cve/linux-3.0     [wait merge]
> > - cve/linux-4.4     [wait merge]
> > - cve/linux-4.12    [DONE]
> > - cve/linux-5.3     [wait merge]
> > - SLE15-SP4         [wait merge]
> > - SLE15-SP5         [wait merge]
> 
> Status update:
> 
> - cve/linux-3.0     [DONE]
> - cve/linux-4.4     [wait merge]
> - cve/linux-4.12    [DONE]
> - cve/linux-5.3     [DONE]
> - SLE15-SP4         [DONE]
> - SLE15-SP5         [DONE]

Status update:

- cve/linux-3.0     [DONE]
- cve/linux-4.4     [DONE]
- cve/linux-4.12    [DONE]
- cve/linux-5.3     [DONE]
- SLE15-SP4         [DONE]
- SLE15-SP5         [DONE]

Reset assigner.
Comment 48 Maintenance Automation 2024-01-17 12:36:42 UTC 
SUSE-SU-2024:0112-1: An update that solves 13 vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1179610, 1205762, 1210778, 1212051, 1212703, 1215237, 1215858, 1215860, 1216046, 1216058, 1216976, 1217947, 1218253, 1218559
CVE References: CVE-2020-26555, CVE-2022-45887, CVE-2023-1206, CVE-2023-31085, CVE-2023-3111, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39197, CVE-2023-45863, CVE-2023-51779, CVE-2023-6606, CVE-2023-6932
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-source-3.0.101-108.150.1, kernel-syms-3.0.101-108.150.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.