Bug 1220630 (CVE-2021-47014) - VUL-0: CVE-2021-47014: kernel: net/sched: act_ct: wild memory access when clearing fragments
Summary: VUL-0: CVE-2021-47014: kernel: net/sched: act_ct: wild memory access when cle...
Status: RESOLVED FIXED
Alias: CVE-2021-47014
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395463/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47014:6.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-29 09:29 UTC by SMASH SMASH
Modified: 2024-07-03 12:02 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-29 09:29:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ct: fix wild memory access when clearing fragments

while testing re-assembly/re-fragmentation using act_ct, it's possible to
observe a crash like the following one:

 KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]
 CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S                5.12.0-rc7+ #424
 Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017
 RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0
 Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48
 RSP: 0018:ffff888c31449db8 EFLAGS: 00010203
 RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960
 RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e
 RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350
 R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000
 R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160
 FS:  0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <IRQ>
  inet_frag_destroy+0xa9/0x150
  call_timer_fn+0x2d/0x180
  run_timer_softirq+0x4fe/0xe70
  __do_softirq+0x197/0x5a0
  irq_exit_rcu+0x1de/0x200
  sysvec_apic_timer_interrupt+0x6b/0x80
  </IRQ>

when act_ct temporarily stores an IP fragment, restoring the skb qdisc cb
results in putting random data in FRAG_CB(), and this causes those "wild"
memory accesses later, when the rbtree is purged. Never overwrite the skb
cb in case tcf_ct_handle_fragments() returns -EINPROGRESS.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47014
https://git.kernel.org/stable/c/0648941f4c8bbf8b4b6c0b270889ae7aa769b921
https://git.kernel.org/stable/c/f77bd544a6bbe69aa50d9ed09f13494cf36ff806
https://www.cve.org/CVERecord?id=CVE-2021-47014
https://bugzilla.redhat.com/show_bug.cgi?id=2266738
Comment 1 Carlos López 2024-02-29 09:30:59 UTC 
Already fixed in affected branches (SLE15-SP3, cve/linux-5.14, SLE15-SP6, stable and master). Closing.
Comment 6 Maintenance Automation 2024-04-29 16:30:45 UTC 
SUSE-SU-2024:1465-1: An update that solves 145 vulnerabilities, contains five features and has five security fixes can now be installed.

Category: security (important)
Bug References: 1192145, 1209657, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220536, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706, 1222878
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2021-47202, CVE-2022-48626, CVE-2023-0160, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6531, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33363](https://smelt.suse.de/incident/33363/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.166.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.166.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.166.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2024-05-03 08:31:08 UTC 
SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Maintenance Automation 2024-05-03 08:37:36 UTC 
SUSE-SU-2024:1489-1: An update that solves 157 vulnerabilities, contains five features and has four security fixes can now be installed.

Category: security (important)
Bug References: 1184942, 1186060, 1192145, 1194516, 1208995, 1209635, 1209657, 1212514, 1213456, 1217987, 1217988, 1217989, 1218336, 1218447, 1218479, 1218562, 1219170, 1219264, 1220320, 1220340, 1220366, 1220400, 1220411, 1220413, 1220414, 1220425, 1220426, 1220429, 1220432, 1220442, 1220445, 1220465, 1220468, 1220475, 1220484, 1220486, 1220487, 1220516, 1220521, 1220528, 1220529, 1220532, 1220554, 1220556, 1220557, 1220560, 1220561, 1220566, 1220575, 1220580, 1220583, 1220611, 1220615, 1220621, 1220625, 1220630, 1220631, 1220638, 1220639, 1220640, 1220641, 1220662, 1220663, 1220669, 1220670, 1220677, 1220678, 1220685, 1220687, 1220688, 1220692, 1220697, 1220703, 1220706, 1220733, 1220734, 1220739, 1220743, 1220745, 1220749, 1220751, 1220753, 1220758, 1220759, 1220764, 1220768, 1220769, 1220777, 1220779, 1220785, 1220790, 1220794, 1220824, 1220826, 1220829, 1220836, 1220846, 1220850, 1220861, 1220871, 1220883, 1220946, 1220954, 1220969, 1220979, 1220982, 1220985, 1220987, 1221015, 1221044, 1221058, 1221061, 1221077, 1221088, 1221276, 1221293, 1221532, 1221534, 1221541, 1221548, 1221552, 1221575, 1221605, 1221606, 1221608, 1221830, 1221931, 1221932, 1221934, 1221935, 1221949, 1221952, 1221965, 1221966, 1221969, 1221973, 1221974, 1221978, 1221989, 1221990, 1221991, 1221992, 1221993, 1221994, 1221996, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222003, 1222004, 1222117, 1222422, 1222585, 1222619, 1222660, 1222664, 1222669, 1222706
CVE References: CVE-2020-36780, CVE-2020-36781, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-29155, CVE-2021-46908, CVE-2021-46909, CVE-2021-46911, CVE-2021-46914, CVE-2021-46917, CVE-2021-46918, CVE-2021-46919, CVE-2021-46920, CVE-2021-46921, CVE-2021-46922, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46956, CVE-2021-46958, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46976, CVE-2021-46980, CVE-2021-46981, CVE-2021-46983, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47001, CVE-2021-47003, CVE-2021-47006, CVE-2021-47009, CVE-2021-47013, CVE-2021-47014, CVE-2021-47015, CVE-2021-47017, CVE-2021-47020, CVE-2021-47026, CVE-2021-47034, CVE-2021-47035, CVE-2021-47038, CVE-2021-47044, CVE-2021-47045, CVE-2021-47046, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47087, CVE-2021-47095, CVE-2021-47097, CVE-2021-47100, CVE-2021-47101, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47130, CVE-2021-47136, CVE-2021-47137, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47150, CVE-2021-47153, CVE-2021-47160, CVE-2021-47161, CVE-2021-47164, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47174, CVE-2021-47175, CVE-2021-47176, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52492, CVE-2023-52500, CVE-2023-52508, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
Jira References: PED-5759, SLE-13706, SLE-15131, SLE-15172, SLE-15176
Maintenance Incident: [SUSE:Maintenance:33221](https://smelt.suse.de/incident/33221/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Enterprise Storage 7.1 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
openSUSE Leap 15.3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5, kernel-obs-build-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5, kernel-source-5.3.18-150300.59.158.1, kernel-obs-qa-5.3.18-150300.59.158.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_43-1-150300.7.3.5
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-syms-5.3.18-150300.59.158.1, kernel-obs-build-5.3.18-150300.59.158.1, kernel-source-5.3.18-150300.59.158.1, kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Carlos López 2024-07-03 12:02:20 UTC 
Done, closing.