Bug 1220649 (CVE-2023-52475) - VUL-0: CVE-2023-52475: kernel: Input: powermate: fix use-after-free in powermate_config_complete
Summary: VUL-0: CVE-2023-52475: kernel: Input: powermate: fix use-after-free in powerm...
Status: RESOLVED FIXED
Alias: CVE-2023-52475
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395792/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52475:6.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-29 10:17 UTC by SMASH SMASH
Modified: 2024-07-02 06:36 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-29 10:17:27 UTC 
In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct.  When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.

Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52475
https://www.cve.org/CVERecord?id=CVE-2023-52475
https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46
https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd
https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc
https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc
https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f
https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9
https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06
https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8
Comment 1 Thomas Leroy 2024-02-29 10:26:46 UTC 
SLE15-SP6, cve/linux-5.14 and stable already fix. All other branches look affected,
Comment 3 Takashi Iwai 2024-03-01 19:17:49 UTC 
The fix backported to cve/linux-5.3, cve/linux-4.12, cve/linux-4.4 and cve/linux-3.0 branches.

Reassigned back to security team.
Comment 23 Maintenance Automation 2024-03-12 20:30:15 UTC 
SUSE-SU-2024:0855-1: An update that solves 50 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218562, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220325, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220825, 1220845, 1220848, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2022-48628, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.37.1, kernel-source-azure-5.14.21-150500.33.37.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.37.1, kernel-source-azure-5.14.21-150500.33.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Maintenance Automation 2024-03-13 08:30:14 UTC 
SUSE-SU-2024:0858-1: An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1213456, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220444, 1220457, 1220459, 1220649, 1220796, 1220825
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1, kernel-syms-5.14.21-150500.55.52.1, kernel-source-5.14.21-150500.55.52.1, kernel-obs-qa-5.14.21-150500.55.52.1, kernel-obs-build-5.14.21-150500.55.52.1, kernel-livepatch-SLE15-SP5_Update_11-1-150500.11.3.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
Basesystem Module 15-SP5 (src): kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1, kernel-source-5.14.21-150500.55.52.1
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.52.1, kernel-syms-5.14.21-150500.55.52.1, kernel-obs-build-5.14.21-150500.55.52.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_11-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2024-03-13 08:30:26 UTC 
SUSE-SU-2024:0857-1: An update that solves 67 vulnerabilities and has four security fixes can now be installed.

Category: security (important)
Bug References: 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220689, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
openSUSE Leap 15.3 (src): kernel-obs-qa-5.3.18-150300.59.153.1, kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2, kernel-syms-5.3.18-150300.59.153.1, kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_42-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2, kernel-source-5.3.18-150300.59.153.2, kernel-syms-5.3.18-150300.59.153.1, kernel-obs-build-5.3.18-150300.59.153.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2024-03-13 08:30:45 UTC 
SUSE-SU-2024:0856-1: An update that solves 67 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1207653, 1212514, 1213456, 1216223, 1218195, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1219915, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46968, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6817, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Sources used:
SUSE Linux Enterprise Micro 5.1 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-source-rt-5.3.18-150300.161.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-source-rt-5.3.18-150300.161.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Maintenance Automation 2024-03-14 20:30:14 UTC 
SUSE-SU-2024:0900-1: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-5.14.21-150400.24.111.1, kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-livepatch-SLE15-SP4_Update_24-1-150400.9.3.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-obs-qa-5.14.21-150400.24.111.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_24-1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): kernel-source-5.14.21-150400.24.111.1, kernel-obs-build-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Manager Proxy 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Manager Retail Branch Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1
SUSE Manager Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Maintenance Automation 2024-03-15 16:30:11 UTC 
SUSE-SU-2024:0910-1: An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1206453, 1209412, 1213456, 1216776, 1217927, 1218195, 1218216, 1218450, 1218527, 1218663, 1218915, 1219126, 1219127, 1219141, 1219146, 1219295, 1219443, 1219653, 1219827, 1219835, 1219839, 1219840, 1219934, 1220003, 1220009, 1220021, 1220030, 1220106, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220267, 1220277, 1220317, 1220326, 1220328, 1220330, 1220335, 1220344, 1220348, 1220350, 1220364, 1220392, 1220393, 1220398, 1220409, 1220444, 1220457, 1220459, 1220649, 1220796, 1220825
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26622
Jira References: PED-7618
Sources used:
openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.38.1, kernel-syms-rt-5.14.21-150500.13.38.1, kernel-livepatch-SLE15-SP5-RT_Update_11-1-150500.11.3.1
SUSE Linux Enterprise Micro 5.5 (src): kernel-source-rt-5.14.21-150500.13.38.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_11-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.38.1, kernel-syms-rt-5.14.21-150500.13.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2024-03-15 16:30:24 UTC 
SUSE-SU-2024:0900-2: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Sources used:
SUSE Manager Proxy 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1
SUSE Manager Server 4.3 (src): kernel-source-5.14.21-150400.24.111.1, kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1, kernel-syms-5.14.21-150400.24.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2024-03-22 12:30:11 UTC 
SUSE-SU-2024:0976-1: An update that solves 47 vulnerabilities and has nine security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32929](https://smelt.suse.de/incident/32929/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.171.1, kernel-syms-rt-4.12.14-10.171.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2024-03-22 12:30:22 UTC 
SUSE-SU-2024:0975-1: An update that solves 52 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1217987, 1217988, 1217989, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32910](https://smelt.suse.de/incident/32910/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-azure-4.12.14-16.173.1, kernel-syms-azure-4.12.14-16.173.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Maintenance Automation 2024-03-22 12:32:10 UTC 
SUSE-SU-2024:0926-1: An update that solves 65 vulnerabilities and has six security fixes can now be installed.

Category: security (important)
Bug References: 1155518, 1184436, 1185988, 1186286, 1200599, 1212514, 1213456, 1218689, 1218915, 1219127, 1219128, 1219146, 1219295, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220253, 1220255, 1220328, 1220330, 1220344, 1220398, 1220409, 1220416, 1220418, 1220421, 1220436, 1220444, 1220459, 1220469, 1220482, 1220526, 1220538, 1220570, 1220572, 1220599, 1220627, 1220641, 1220649, 1220660, 1220700, 1220735, 1220736, 1220737, 1220742, 1220745, 1220767, 1220796, 1220825, 1220826, 1220831, 1220845, 1220860, 1220863, 1220870, 1220917, 1220918, 1220930, 1220931, 1220932, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602, CVE-2024-26607, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32904](https://smelt.suse.de/incident/32904/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_46-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-obs-build-5.3.18-150200.24.183.1, kernel-syms-5.3.18-150200.24.183.1, kernel-source-5.3.18-150200.24.183.1, kernel-default-base-5.3.18-150200.24.183.1.150200.9.93.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Maintenance Automation 2024-03-22 12:32:25 UTC 
SUSE-SU-2024:0925-1: An update that solves 49 vulnerabilities and has seven security fixes can now be installed.

Category: security (important)
Bug References: 1050549, 1186484, 1200599, 1212514, 1213456, 1218450, 1218527, 1218915, 1219127, 1219146, 1219295, 1219653, 1219827, 1219835, 1220187, 1220238, 1220240, 1220241, 1220250, 1220330, 1220340, 1220344, 1220409, 1220421, 1220436, 1220444, 1220459, 1220468, 1220482, 1220526, 1220570, 1220575, 1220599, 1220607, 1220613, 1220638, 1220641, 1220649, 1220700, 1220735, 1220767, 1220796, 1220825, 1220831, 1220845, 1220860, 1220861, 1220863, 1220870, 1220930, 1220931, 1220932, 1220957, 1221039, 1221040, 1221287
CVE References: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33200, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600:, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:32885](https://smelt.suse.de/incident/32885/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_54-1-8.7.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.201.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.201.1, kernel-source-4.12.14-122.201.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Maintenance Automation 2024-03-22 16:30:10 UTC 
SUSE-SU-2024:0977-1: An update that solves 49 vulnerabilities and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211515, 1213456, 1214064, 1218195, 1218216, 1218562, 1218915, 1219073, 1219126, 1219127, 1219146, 1219295, 1219633, 1219653, 1219827, 1219835, 1220009, 1220140, 1220187, 1220238, 1220240, 1220241, 1220243, 1220250, 1220251, 1220253, 1220254, 1220255, 1220257, 1220326, 1220328, 1220330, 1220335, 1220344, 1220350, 1220364, 1220398, 1220409, 1220433, 1220444, 1220457, 1220459, 1220469, 1220649, 1220735, 1220736, 1220796, 1220797, 1220825, 1220845, 1220917, 1220930, 1220931, 1220933
CVE References: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2023-28746, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52484, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622
Maintenance Incident: [SUSE:Maintenance:33016](https://smelt.suse.de/incident/33016/)
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Micro 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.71.1
SUSE Linux Enterprise Live Patching 15-SP4 (src):
 kernel-livepatch-SLE15-SP4-RT_Update_19-1-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.