Bug 1217946 (CVE-2023-6610) - VUL-0: CVE-2023-6610: kernel: OOB Access in smb2_dump_detail
Summary: VUL-0: CVE-2023-6610: kernel: OOB Access in smb2_dump_detail
Status: RESOLVED FIXED
Alias: CVE-2023-6610
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/387412/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-6610:6.1:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-11 13:07 UTC by SMASH SMASH
Modified: 2024-06-25 18:02 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-12-11 13:07:47 UTC 
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=218219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6610
Comment 5 Paulo Alcantara 2023-12-18 14:09:55 UTC 
FYI, I posted a patch[1] to fix this CVE.

It was already applied to maintainer's for-next branch and I'm waiting for some potential feedbacks before backporting it.

[1] https://lore.kernel.org/r/20231216041005.7948-2-pc@manguebit.com
Comment 6 Oscar Salvador 2024-01-08 18:48:36 UTC 
(In reply to Paulo Alcantara from comment #5)
> FYI, I posted a patch[1] to fix this CVE.
> 
> It was already applied to maintainer's for-next branch and I'm waiting for
> some potential feedbacks before backporting it.
> 
> [1] https://lore.kernel.org/r/20231216041005.7948-2-pc@manguebit.com

What is the status on this one? It seems we need it for the next MU [1]

[1] https://confluence.suse.com/display/maintenancesecurity/2024-01-16+Kernel+update
Comment 7 Paulo Alcantara 2024-01-09 14:40:52 UTC 
(In reply to Oscar Salvador from comment #6)
> (In reply to Paulo Alcantara from comment #5)
> > FYI, I posted a patch[1] to fix this CVE.
> > 
> > It was already applied to maintainer's for-next branch and I'm waiting for
> > some potential feedbacks before backporting it.
> > 
> > [1] https://lore.kernel.org/r/20231216041005.7948-2-pc@manguebit.com
> 
> What is the status on this one? It seems we need it for the next MU [1]
> 
> [1]
> https://confluence.suse.com/display/maintenancesecurity/2024-01-
> 16+Kernel+update

I've backported the fix to all affected branches and some of them have been merged already.
Comment 8 Paulo Alcantara 2024-01-09 14:46:39 UTC 
For SLE15-SP5 I'd expect the fix to be automatically merged from SLE15-SP4, according to kerncvs.  But if that isn't the case, then please let me know and then I can backport it to SLE15-SP5.
Comment 16 Paulo Alcantara 2024-01-10 18:51:27 UTC 
Reassign to security team to close it.
Comment 31 Maintenance Automation 2024-01-16 16:30:07 UTC 
SUSE-SU-2024:0129-1: An update that solves 10 vulnerabilities, contains three features and has 31 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1193285, 1211162, 1211226, 1212584, 1214747, 1214823, 1215237, 1215696, 1215885, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218139, 1218184, 1218234, 1218253, 1218258, 1218335, 1218357, 1218447, 1218515, 1218559, 1218569, 1218659
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7322
Sources used:
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.65.1, kernel-source-rt-5.14.21-150400.15.65.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_17-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Maintenance Automation 2024-01-16 16:30:13 UTC 
SUSE-SU-2024:0120-1: An update that solves eight vulnerabilities, contains one feature and has one security fix can now be installed.

Category: security (important)
Bug References: 1179610, 1202095, 1215237, 1217250, 1217946, 1217947, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_47-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.168.1, kernel-source-4.12.14-150100.197.168.1, kernel-obs-build-4.12.14-150100.197.168.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Maintenance Automation 2024-01-16 16:30:18 UTC 
SUSE-SU-2024:0117-1: An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1109837, 1179610, 1202095, 1211226, 1211439, 1214158, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_52-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.189.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.189.1, kernel-syms-4.12.14-122.189.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Maintenance Automation 2024-01-16 16:30:25 UTC 
SUSE-SU-2024:0115-1: An update that solves 10 vulnerabilities, contains three features and has 40 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.30.1, kernel-livepatch-SLE15-SP5-RT_Update_9-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.30.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_9-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.30.1, kernel-syms-rt-5.14.21-150500.13.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2024-01-17 12:36:27 UTC 
SUSE-SU-2024:0118-1: An update that solves eight vulnerabilities, contains two features and has 12 security fixes can now be installed.

Category: security (important)
Bug References: 1109837, 1179610, 1202095, 1211226, 1211439, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.157.1, kernel-syms-rt-4.12.14-10.157.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Maintenance Automation 2024-01-17 12:36:37 UTC 
SUSE-SU-2024:0113-1: An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1109837, 1179610, 1202095, 1211226, 1211439, 1214479, 1215237, 1217036, 1217250, 1217801, 1217936, 1217946, 1217947, 1218057, 1218184, 1218253, 1218258, 1218362, 1218559, 1218622
CVE References: CVE-2020-26555, CVE-2022-2586, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021, PED-5023
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.163.1, kernel-syms-azure-4.12.14-16.163.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Maintenance Automation 2024-01-17 12:36:49 UTC 
SUSE-SU-2024:0110-1: An update that solves seven vulnerabilities, contains one feature and has six security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1211226, 1215237, 1215375, 1217250, 1217709, 1217946, 1217947, 1218105, 1218184, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Maintenance Automation 2024-01-18 12:30:18 UTC 
SUSE-SU-2024:0141-1: An update that solves 10 vulnerabilities, contains three features and has 41 security fixes can now be installed.

Category: security (important)
Bug References: 1108281, 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.29.1, kernel-source-azure-5.14.21-150500.33.29.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.29.1, kernel-source-azure-5.14.21-150500.33.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2024-01-18 16:30:03 UTC 
SUSE-SU-2024:0154-1: An update that solves seven vulnerabilities, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1215237, 1217250, 1217709, 1217946, 1217947, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_44-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.175.1, kernel-default-base-5.3.18-150200.24.175.1.150200.9.89.1, kernel-syms-5.3.18-150200.24.175.1, kernel-source-5.3.18-150200.24.175.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2024-01-18 16:30:07 UTC 
SUSE-SU-2024:0153-1: An update that solves seven vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1215237, 1215375, 1217250, 1217709, 1217946, 1217947, 1218105, 1218253, 1218258, 1218559
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932
Jira References: PED-5021
Sources used:
openSUSE Leap 15.3 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-obs-qa-5.3.18-150300.59.147.1, kernel-livepatch-SLE15-SP3_Update_40-1-150300.7.3.2, kernel-syms-5.3.18-150300.59.147.1, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_40-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.147.1, kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2, kernel-source-5.3.18-150300.59.147.1, kernel-obs-build-5.3.18-150300.59.147.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.147.2.150300.18.86.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Maintenance Automation 2024-01-18 20:30:09 UTC 
SUSE-SU-2024:0160-1: An update that solves 10 vulnerabilities, contains three features and has 42 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1211162, 1211226, 1212139, 1212584, 1214117, 1214158, 1214747, 1214823, 1215237, 1215696, 1215885, 1215952, 1216032, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217822, 1217927, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218092, 1218139, 1218184, 1218229, 1218234, 1218253, 1218258, 1218335, 1218357, 1218397, 1218447, 1218461, 1218515, 1218559, 1218569, 1218643, 1218738
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7167
Sources used:
openSUSE Leap 15.5 (src): kernel-obs-build-5.14.21-150500.55.44.1, kernel-livepatch-SLE15-SP5_Update_9-1-150500.11.5.1, kernel-syms-5.14.21-150500.55.44.1, kernel-source-5.14.21-150500.55.44.1, kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2, kernel-obs-qa-5.14.21-150500.55.44.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2
Basesystem Module 15-SP5 (src): kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2, kernel-source-5.14.21-150500.55.44.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.44.1, kernel-obs-build-5.14.21-150500.55.44.1, kernel-syms-5.14.21-150500.55.44.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_9-1-150500.11.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Maintenance Automation 2024-01-18 20:30:27 UTC 
SUSE-SU-2024:0156-1: An update that solves 10 vulnerabilities, contains three features and has 31 security fixes can now be installed.

Category: security (important)
Bug References: 1179610, 1183045, 1193285, 1211162, 1211226, 1212584, 1214747, 1214823, 1215237, 1215696, 1215885, 1216057, 1216559, 1216776, 1217036, 1217217, 1217250, 1217602, 1217692, 1217790, 1217801, 1217933, 1217938, 1217946, 1217947, 1217980, 1217981, 1217982, 1218056, 1218139, 1218184, 1218234, 1218253, 1218258, 1218335, 1218357, 1218447, 1218515, 1218559, 1218569, 1218659
CVE References: CVE-2020-26555, CVE-2023-51779, CVE-2023-6121, CVE-2023-6531, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6931, CVE-2023-6932
Jira References: PED-3459, PED-5021, PED-7322
Sources used:
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Real Time 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1
SUSE Manager Proxy 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
SUSE Manager Server 4.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.103.1, kernel-source-5.14.21-150400.24.103.1, kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-livepatch-SLE15-SP4_Update_22-1-150400.9.3.1, kernel-syms-5.14.21-150400.24.103.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_22-1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-obs-build-5.14.21-150400.24.103.1, kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1, kernel-source-5.14.21-150400.24.103.1, kernel-syms-5.14.21-150400.24.103.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Maintenance Automation 2024-02-15 16:30:06 UTC 
SUSE-SU-2024:0484-1: An update that solves 15 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1108281, 1123986, 1141539, 1181674, 1206889, 1212152, 1216702, 1216989, 1217525, 1217946, 1217987, 1217988, 1217989, 1218689, 1218713, 1218730, 1218752, 1218757, 1218768, 1218836, 1218968, 1219022, 1219053, 1219120, 1219128, 1219412, 1219434, 1219445, 1219446
CVE References: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6610, CVE-2024-0340, CVE-2024-0775, CVE-2024-1086
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_53-1-8.5.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.194.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.194.1, kernel-source-4.12.14-122.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Robert Frohl 2024-06-10 09:30:45 UTC 
done