Bug 1220187 (CVE-2024-26585) - VUL-0: CVE-2024-26585: kernel-source,kernel-source-azure,kernel-source-rt: tls: race condition between tx work scheduling and socket close
Summary: VUL-0: CVE-2024-26585: kernel-source,kernel-source-azure,kernel-source-rt: tl...
Status: RESOLVED FIXED
Alias: CVE-2024-26585
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394739/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26585:7.0:(AV:...
Keywords:
Depends on:
Blocks: 1220211
  Show dependency treegraph
 
Reported: 2024-02-22 09:04 UTC by SMASH SMASH
Modified: 2024-06-25 18:10 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-22 09:04:23 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between tx work scheduling and socket close

Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26585
https://www.cve.org/CVERecord?id=CVE-2024-26585
https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb
Comment 1 Carlos López 2024-02-22 09:11:38 UTC 
Affected:
 - cve/linux-5.3
 - cve/linux-5.14
 - SLE15-SP6
 - stable
Comment 6 Michal Kubeček 2024-03-05 02:35:41 UTC 
introduced      a42055e8d2c3    4.20-rc1
fixed           e01e3934a1b2    6.8-rc5

The offending commit has been backported into SLE15-SP1-LTSS and SLE12-SP5
(but not other 4.12 based branches).

The fix has been submitted to all relevant branches:

stable          6.7.6
SLE15-SP6       98f57ea554d3
cve/linux-5.14  1306bffd3f2f
cve/linux-5.3   72079991ab5c
SLE12-SP5       2d824bed7271
SLE15-SP1-LTSS  efdc94cf47ad

Reassigning back to security team.
Comment 25 Maintenance Automation 2024-03-12 20:30:09 UTC 
SUSE-SU-2024:0855-1: An update that solves 50 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218562, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220325, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220825, 1220845, 1220848, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2022-48628, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.37.1, kernel-source-azure-5.14.21-150500.33.37.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.37.1, kernel-source-azure-5.14.21-150500.33.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2024-03-13 08:30:11 UTC 
SUSE-SU-2024:0858-1: An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1213456, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220444, 1220457, 1220459, 1220649, 1220796, 1220825
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1, kernel-syms-5.14.21-150500.55.52.1, kernel-source-5.14.21-150500.55.52.1, kernel-obs-qa-5.14.21-150500.55.52.1, kernel-obs-build-5.14.21-150500.55.52.1, kernel-livepatch-SLE15-SP5_Update_11-1-150500.11.3.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
Basesystem Module 15-SP5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1, kernel-source-5.14.21-150500.55.52.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.52.1, kernel-syms-5.14.21-150500.55.52.1, kernel-obs-build-5.14.21-150500.55.52.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_11-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Maintenance Automation 2024-03-13 08:30:21 UTC 
SUSE-SU-2024:0857-1: An update that solves 67 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220689, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
openSUSE Leap 15.3 (src): kernel-obs-qa-5.3.18-150300.59.153.1, kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2, kernel-syms-5.3.18-150300.59.153.1, kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Maintenance Automation 2024-03-13 08:30:40 UTC 
SUSE-SU-2024:0856-1: An update that solves 67 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
SUSE Linux Enterprise Micro 5.1 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-source-rt-5.3.18-150300.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Maintenance Automation 2024-03-14 20:30:11 UTC 
SUSE-SU-2024:0900-1: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-5.14.21-150400.24.111.1, kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-livepatch-SLE15-SP4_Update_24-1-150400.9.3.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-obs-qa-5.14.21-150400.24.111.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_24-1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Manager Proxy 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Manager Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2024-03-15 16:30:09 UTC 
SUSE-SU-2024:0910-1: An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1213456, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220444, 1220457, 1220459, 1220649, 1220796, 1220825
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.38.1, kernel-syms-rt-5.14.21-150500.13.38.1, kernel-livepatch-SLE15-SP5-RT_Update_11-1-150500.11.3.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-source-rt-5.14.21-150500.13.38.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_11-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.38.1, kernel-syms-rt-5.14.21-150500.13.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Maintenance Automation 2024-03-15 16:30:20 UTC 
SUSE-SU-2024:0900-2: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Sources used:
SUSE Manager Proxy 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Manager Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2024-03-22 12:30:08 UTC 
SUSE-SU-2024:0976-1: An update that solves 47 vulnerabilities and has nine security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32929](https://smelt.suse.de/incident/32929/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.171.1, kernel-syms-rt-4.12.14-10.171.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2024-03-22 12:30:18 UTC 
SUSE-SU-2024:0975-1: An update that solves 52 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1217987, 1217988, 1217989, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32910](https://smelt.suse.de/incident/32910/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Maintenance Automation 2024-03-22 12:32:03 UTC 
SUSE-SU-2024:0926-1: An update that solves 65 vulnerabilities and has six security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1212514, 1213456, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32904](https://smelt.suse.de/incident/32904/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_46-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Maintenance Automation 2024-03-22 12:32:20 UTC 
SUSE-SU-2024:0925-1: An update that solves 49 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600:, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32885](https://smelt.suse.de/incident/32885/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_54-1-8.7.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.201.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Maintenance Automation 2024-03-22 16:30:06 UTC 
SUSE-SU-2024:0977-1: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:33016](https://smelt.suse.de/incident/33016/)
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Live Patching 15-SP4 (src):
 kernel-livepatch-SLE15-SP4-RT_Update_19-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Marcus Meissner 2024-06-13 07:52:58 UTC 
done