Bug 1220628 (CVE-2021-46941) - VUL-0: CVE-2021-46941: kernel: usb: dwc3: core: do core softreset when switch mode
Summary: VUL-0: CVE-2021-46941: kernel: usb: dwc3: core: do core softreset when switch...
Status: RESOLVED FIXED
Alias: CVE-2021-46941
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395348/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-46941:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-29 09:18 UTC by SMASH SMASH
Modified: 2024-07-02 06:22 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-29 09:18:56 UTC 
In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: core: Do core softreset when switch mode


According to the programming guide, to switch mode for DRD controller,
the driver needs to do the following.

To switch from device to host:
1. Reset controller with GCTL.CoreSoftReset
2. Set GCTL.PrtCapDir(host mode)
3. Reset the host with USBCMD.HCRESET
4. Then follow up with the initializing host registers sequence

To switch from host to device:
1. Reset controller with GCTL.CoreSoftReset
2. Set GCTL.PrtCapDir(device mode)
3. Reset the device with DCTL.CSftRst
4. Then follow up with the initializing registers sequence

Currently we're missing step 1) to do GCTL.CoreSoftReset and step 3) of
switching from host to device. John Stult reported a lockup issue seen
with HiKey960 platform without these steps[1]. Similar issue is observed
with Ferry's testing platform[2].

So, apply the required steps along with some fixes to Yu Chen's and John
Stultz's version. The main fixes to their versions are the missing wait
for clocks synchronization before clearing GCTL.CoreSoftReset and only
apply DCTL.CSftRst when switching from host to device.

[1] https://lore.kernel.org/linux-usb/20210108015115.27920-1-john.stultz@linaro.org/
[2] https://lore.kernel.org/linux-usb/0ba7a6ba-e6a7-9cd4-0695-64fc927e01f1@gmail.com/

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46941
https://www.cve.org/CVERecord?id=CVE-2021-46941
https://bugzilla.redhat.com/show_bug.cgi?id=2266492
https://lore.kernel.org/linux-cve-announce/20240227184057.2368370-6-gregkh@linuxfoundation.org/T/#u

Patch:
https://git.kernel.org/stable/c/f88359e1588b85cf0e8209ab7d6620085f3441d9
Comment 1 Andrea Mattiazzo 2024-02-29 09:20:22 UTC 
Tracking as affected:
-cve/linux-4.12
-cve/linux-5.3
Comment 6 Oliver Neukum 2024-03-27 09:56:48 UTC 
(In reply to Andrea Mattiazzo from comment #1)
> Tracking as affected:
> -cve/linux-4.12

Patch submitted

> -cve/linux-5.3

By the new rules the score is not high enough to submit this to 

linux-5.3-LTSS
Comment 29 Maintenance Automation 2024-05-14 16:30:13 UTC 
SUSE-SU-2024:1648-1: An update that solves 193 vulnerabilities, contains one feature and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33233](https://smelt.suse.de/incident/33233/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_55-1-8.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.212.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Maintenance Automation 2024-05-14 16:31:05 UTC 
SUSE-SU-2024:1646-1: An update that solves 187 vulnerabilities, contains one feature and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1141539, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220413, 1220416, 1220418, 1220442, 1220445, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2021-46904, CVE-2021-46905, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33362](https://smelt.suse.de/incident/33362/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.182.1, kernel-syms-rt-4.12.14-10.182.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Maintenance Automation 2024-05-14 16:32:42 UTC 
SUSE-SU-2024:1643-1: An update that solves 201 vulnerabilities, contains one feature and has 22 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1197894, 1203935, 1209657, 1211592, 1212514, 1213456, 1215221, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1218917, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220413, 1220416, 1220418, 1220442, 1220445, 1220513, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221543, 1221545, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222793, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223119, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223539, 1223540, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223802, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223923, 1223931, 1223941, 1223952, 1223953, 1223954, 1223969
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46955, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47113, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47131, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48672, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2022-48702, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0639, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26791, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26876, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27008, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33343](https://smelt.suse.de/incident/33343/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Maintenance Automation 2024-05-21 16:30:18 UTC 
SUSE-SU-2024:1648-2: An update that solves 193 vulnerabilities, contains one feature and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33233](https://smelt.suse.de/incident/33233/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_55-1-8.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.212.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Maintenance Automation 2024-05-30 16:30:16 UTC 
SUSE-SU-2024:1870-1: An update that solves 193 vulnerabilities, contains one feature and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954, 1224785
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:34082](https://smelt.suse.de/incident/34082/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_56-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.216.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.