1222304 – (CVE-2024-26654) VUL-0: CVE-2024-26654: kernel: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs

Bug 1222304 (CVE-2024-26654) - VUL-0: CVE-2024-26654: kernel: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs

Summary: VUL-0: CVE-2024-26654: kernel: ALSA: sh: aica: reorder cleanup operations to ...

Status:	NEW

Alias:	CVE-2024-26654

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/399863/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-26654:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-04-04 11:20 UTC by SMASH SMASH
Modified:	2024-07-03 08:53 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-04-04 11:20:29 UTC

In the Linux kernel, the following vulnerability has been resolved:

ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs

The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.

When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:

      (Thread 1)                 |      (Thread 2)
snd_aicapcm_pcm_close()          |
 ...                             |  run_spu_dma() //worker
                                 |    mod_timer()
  flush_work()                   |
  del_timer()                    |  aica_period_elapsed() //timer
  kfree(dreamcastcard->channel)  |    schedule_work()
                                 |  run_spu_dma() //worker
  ...                            |    dreamcastcard->channel-> //USE

In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26654
https://www.cve.org/CVERecord?id=CVE-2024-26654
https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
https://bugzilla.redhat.com/show_bug.cgi?id=2272446
https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901

Comment 12 Maintenance Automation 2024-04-17 08:30:28 UTC

SUSE-SU-2024:1322-1: An update that solves 149 vulnerabilities, contains four features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218562, 1218643, 1218777, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220325, 1220328, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220433, 1220439, 1220443, 1220445, 1220466, 1220469, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220735, 1220736, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220845, 1220848, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220917, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220930, 1220931, 1220932, 1220933, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46934, CVE-2021-46936, CVE-2021-47082, CVE-2021-47083, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48627, CVE-2022-48628, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52462, CVE-2023-52463, CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52482, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52559, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-25742, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26607, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7618, PED-7619
Maintenance Incident: [SUSE:Maintenance:33361](https://smelt.suse.de/incident/33361/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1, kernel-syms-rt-5.14.21-150500.13.43.1, kernel-livepatch-SLE15-SP5-RT_Update_12-1-150500.11.5.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_12-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1, kernel-syms-rt-5.14.21-150500.13.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Maintenance Automation 2024-04-18 12:30:30 UTC

SUSE-SU-2024:1332-1: An update that solves 135 vulnerabilities, contains three features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218643, 1218777, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220439, 1220443, 1220445, 1220466, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220932, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46936, CVE-2021-47082, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52532, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7619
Maintenance Incident: [SUSE:Maintenance:33353](https://smelt.suse.de/incident/33353/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-syms-azure-5.14.21-150500.33.42.1, kernel-source-azure-5.14.21-150500.33.42.1
Public Cloud Module 15-SP5 (src):
 kernel-syms-azure-5.14.21-150500.33.42.1, kernel-source-azure-5.14.21-150500.33.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Maintenance Automation 2024-04-18 16:30:22 UTC

SUSE-SU-2024:1322-2: An update that solves 149 vulnerabilities, contains four features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218562, 1218643, 1218777, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220325, 1220328, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220433, 1220439, 1220443, 1220445, 1220466, 1220469, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220735, 1220736, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220845, 1220848, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220917, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220930, 1220931, 1220932, 1220933, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46934, CVE-2021-46936, CVE-2021-47082, CVE-2021-47083, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48627, CVE-2022-48628, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52462, CVE-2023-52463, CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52482, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52559, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-25742, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26607, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7618, PED-7619
Maintenance Incident: [SUSE:Maintenance:33361](https://smelt.suse.de/incident/33361/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1, kernel-syms-rt-5.14.21-150500.13.43.1, kernel-livepatch-SLE15-SP5-RT_Update_12-1-150500.11.5.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_12-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src):
 kernel-source-rt-5.14.21-150500.13.43.1, kernel-syms-rt-5.14.21-150500.13.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Maintenance Automation 2024-04-18 16:30:59 UTC

SUSE-SU-2024:1332-2: An update that solves 135 vulnerabilities, contains three features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218643, 1218777, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220439, 1220443, 1220445, 1220466, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220932, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46936, CVE-2021-47082, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52532, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7619
Maintenance Incident: [SUSE:Maintenance:33353](https://smelt.suse.de/incident/33353/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-syms-azure-5.14.21-150500.33.42.1, kernel-source-azure-5.14.21-150500.33.42.1
Public Cloud Module 15-SP5 (src):
 kernel-syms-azure-5.14.21-150500.33.42.1, kernel-source-azure-5.14.21-150500.33.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Maintenance Automation 2024-04-29 16:30:30 UTC

SUSE-SU-2024:1466-1: An update that solves 149 vulnerabilities, contains four features and has 31 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217829, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218562, 1218643, 1218777, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220325, 1220328, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220433, 1220439, 1220443, 1220445, 1220466, 1220469, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220735, 1220736, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220845, 1220848, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220917, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220930, 1220931, 1220932, 1220933, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619, 1222952
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46934, CVE-2021-46936, CVE-2021-47082, CVE-2021-47083, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48627, CVE-2022-48628, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52462, CVE-2023-52463, CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52482, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52559, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-25742, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26607, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7618, PED-7619
Maintenance Incident: [SUSE:Maintenance:33466](https://smelt.suse.de/incident/33466/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-source-rt-5.14.21-150500.13.47.1, kernel-livepatch-SLE15-SP5-RT_Update_13-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.47.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.47.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_13-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src):
 kernel-source-rt-5.14.21-150500.13.47.1, kernel-syms-rt-5.14.21-150500.13.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Maintenance Automation 2024-04-30 16:30:44 UTC

SUSE-SU-2024:1480-1: An update that solves 150 vulnerabilities, contains four features and has 32 security fixes can now be installed.

Category: security (important)
Bug References: 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217829, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218562, 1218643, 1218777, 1219169, 1219170, 1219264, 1219443, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220325, 1220328, 1220337, 1220340, 1220365, 1220366, 1220393, 1220398, 1220411, 1220413, 1220433, 1220439, 1220443, 1220445, 1220466, 1220469, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220735, 1220736, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220845, 1220848, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220917, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220930, 1220931, 1220932, 1220933, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221814, 1221816, 1221830, 1221951, 1222033, 1222056, 1222060, 1222070, 1222073, 1222117, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222619, 1222952
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46934, CVE-2021-46936, CVE-2021-47082, CVE-2021-47083, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48627, CVE-2022-48628, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52462, CVE-2023-52463, CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52482, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52559, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-25742, CVE-2024-25743, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26607, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717
Jira References: PED-5759, PED-7167, PED-7618, PED-7619
Maintenance Incident: [SUSE:Maintenance:33310](https://smelt.suse.de/incident/33310/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7, kernel-livepatch-SLE15-SP5_Update_12-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.59.1, kernel-obs-qa-5.14.21-150500.55.59.1, kernel-source-5.14.21-150500.55.59.1, kernel-obs-build-5.14.21-150500.55.59.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7
Basesystem Module 15-SP5 (src):
 kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7, kernel-source-5.14.21-150500.55.59.1
Development Tools Module 15-SP5 (src):
 kernel-syms-5.14.21-150500.55.59.1, kernel-source-5.14.21-150500.55.59.1, kernel-obs-build-5.14.21-150500.55.59.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5_Update_12-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Takashi Iwai 2024-05-02 10:24:24 UTC

The architecture (sh) isn't enabled on any SLE releases, hence we are unaffected.
Reassigned back to security team.

Comment 23 Maintenance Automation 2024-05-03 08:30:36 UTC

SUSE-SU-2024:1490-1: An update that solves 183 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1177529, 1192145, 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217829, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218643, 1218777, 1219126, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220439, 1220443, 1220445, 1220466, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220901, 1220915, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220932, 1220935, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221162, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221791, 1221814, 1221816, 1221830, 1221951, 1222011, 1222033, 1222051, 1222056, 1222060, 1222070, 1222073, 1222117, 1222247, 1222266, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222416, 1222422, 1222427, 1222428, 1222431, 1222437, 1222445, 1222449, 1222503, 1222520, 1222536, 1222549, 1222550, 1222557, 1222585, 1222586, 1222596, 1222609, 1222610, 1222619, 1222630, 1222632, 1222660, 1222662, 1222664, 1222669, 1222677, 1222678, 1222680, 1222706, 1222720, 1222724, 1222726, 1222727, 1222764, 1222772, 1222781, 1222784, 1222798, 1222801, 1222952, 1223030, 1223067, 1223068
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46936, CVE-2021-47082, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-4744, CVE-2022-48626, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52484, CVE-2023-52486, CVE-2023-52488, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52503, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52532, CVE-2023-52561, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52627, CVE-2023-52628, CVE-2023-52632, CVE-2023-52636, CVE-2023-52637, CVE-2023-52639, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23850, CVE-2024-25739, CVE-2024-25742, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26660, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26680, CVE-2024-26681, CVE-2024-26684, CVE-2024-26685, CVE-2024-26689, CVE-2024-26695, CVE-2024-26696, CVE-2024-26697, CVE-2024-26704, CVE-2024-26717, CVE-2024-26718, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26736, CVE-2024-26737, CVE-2024-26743, CVE-2024-26744, CVE-2024-26745, CVE-2024-26747, CVE-2024-26749, CVE-2024-26751, CVE-2024-26754, CVE-2024-26760, CVE-2024-26763, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26776, CVE-2024-26779, CVE-2024-26787, CVE-2024-26790, CVE-2024-26793, CVE-2024-26798, CVE-2024-26805, CVE-2024-26807, CVE-2024-26848
Jira References: PED-5759, PED-7167, PED-7619
Maintenance Incident: [SUSE:Maintenance:33538](https://smelt.suse.de/incident/33538/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-source-azure-5.14.21-150500.33.48.1, kernel-syms-azure-5.14.21-150500.33.48.1
Public Cloud Module 15-SP5 (src):
 kernel-source-azure-5.14.21-150500.33.48.1, kernel-syms-azure-5.14.21-150500.33.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Maintenance Automation 2024-06-21 12:30:59 UTC

SUSE-SU-2024:2135-1: An update that solves 428 vulnerabilities, contains 15 features and has 78 security fixes can now be installed.

Category: security (important)
Bug References: 1012628, 1065729, 1181674, 1187716, 1193599, 1194869, 1207948, 1208593, 1209657, 1213573, 1214852, 1215199, 1216196, 1216358, 1216702, 1217169, 1217384, 1217408, 1217489, 1217750, 1217959, 1218205, 1218336, 1218447, 1218562, 1218779, 1218917, 1219104, 1219170, 1219596, 1219623, 1219834, 1220021, 1220045, 1220120, 1220148, 1220328, 1220342, 1220428, 1220430, 1220569, 1220587, 1220738, 1220783, 1220915, 1221044, 1221276, 1221293, 1221303, 1221375, 1221504, 1221612, 1221615, 1221635, 1221645, 1221649, 1221765, 1221777, 1221783, 1221816, 1221829, 1221830, 1221858, 1222115, 1222173, 1222264, 1222273, 1222294, 1222301, 1222303, 1222304, 1222307, 1222357, 1222366, 1222368, 1222371, 1222378, 1222379, 1222385, 1222422, 1222426, 1222428, 1222437, 1222445, 1222459, 1222464, 1222489, 1222522, 1222525, 1222527, 1222531, 1222532, 1222549, 1222550, 1222557, 1222559, 1222563, 1222585, 1222586, 1222596, 1222606, 1222608, 1222613, 1222615, 1222618, 1222622, 1222624, 1222627, 1222630, 1222635, 1222721, 1222727, 1222769, 1222771, 1222772, 1222775, 1222777, 1222780, 1222782, 1222793, 1222799, 1222801, 1222968, 1223007, 1223011, 1223015, 1223016, 1223020, 1223023, 1223024, 1223030, 1223033, 1223034, 1223035, 1223038, 1223039, 1223041, 1223045, 1223046, 1223051, 1223052, 1223058, 1223060, 1223061, 1223076, 1223077, 1223084, 1223111, 1223113, 1223138, 1223143, 1223187, 1223189, 1223190, 1223191, 1223198, 1223202, 1223285, 1223315, 1223338, 1223369, 1223380, 1223384, 1223390, 1223439, 1223462, 1223532, 1223539, 1223575, 1223590, 1223591, 1223592, 1223593, 1223625, 1223628, 1223629, 1223633, 1223634, 1223637, 1223641, 1223643, 1223649, 1223650, 1223651, 1223652, 1223653, 1223654, 1223655, 1223660, 1223661, 1223663, 1223664, 1223665, 1223666, 1223668, 1223669, 1223670, 1223671, 1223675, 1223677, 1223678, 1223686, 1223692, 1223693, 1223695, 1223696, 1223698, 1223705, 1223712, 1223718, 1223728, 1223732, 1223735, 1223739, 1223741, 1223744, 1223745, 1223747, 1223748, 1223749, 1223750, 1223752, 1223754, 1223757, 1223759, 1223761, 1223762, 1223774, 1223782, 1223787, 1223788, 1223789, 1223790, 1223802, 1223805, 1223810, 1223822, 1223827, 1223831, 1223834, 1223838, 1223869, 1223870, 1223871, 1223872, 1223874, 1223944, 1223945, 1223946, 1223991, 1224076, 1224096, 1224098, 1224099, 1224137, 1224166, 1224174, 1224177, 1224180, 1224181, 1224331, 1224348, 1224423, 1224429, 1224430, 1224432, 1224433, 1224437, 1224438, 1224442, 1224443, 1224445, 1224449, 1224477, 1224479, 1224480, 1224481, 1224482, 1224486, 1224487, 1224488, 1224491, 1224492, 1224493, 1224494, 1224495, 1224500, 1224501, 1224502, 1224504, 1224505, 1224506, 1224507, 1224508, 1224509, 1224511, 1224513, 1224517, 1224519, 1224521, 1224524, 1224525, 1224526, 1224530, 1224531, 1224534, 1224537, 1224541, 1224542, 1224543, 1224546, 1224550, 1224552, 1224553, 1224555, 1224557, 1224558, 1224559, 1224562, 1224565, 1224566, 1224567, 1224568, 1224569, 1224571, 1224573, 1224576, 1224577, 1224578, 1224579, 1224580, 1224581, 1224582, 1224585, 1224586, 1224587, 1224588, 1224592, 1224596, 1224598, 1224600, 1224601, 1224602, 1224603, 1224605, 1224607, 1224608, 1224609, 1224611, 1224613, 1224615, 1224617, 1224618, 1224620, 1224621, 1224622, 1224623, 1224624, 1224626, 1224627, 1224628, 1224629, 1224630, 1224632, 1224633, 1224634, 1224636, 1224637, 1224638, 1224639, 1224640, 1224643, 1224644, 1224645, 1224646, 1224647, 1224648, 1224649, 1224650, 1224651, 1224652, 1224653, 1224654, 1224657, 1224660, 1224663, 1224664, 1224665, 1224666, 1224667, 1224668, 1224671, 1224672, 1224674, 1224675, 1224676, 1224677, 1224678, 1224679, 1224680, 1224681, 1224682, 1224683, 1224685, 1224686, 1224687, 1224688, 1224692, 1224696, 1224697, 1224699, 1224701, 1224703, 1224704, 1224705, 1224706, 1224707, 1224709, 1224710, 1224712, 1224714, 1224716, 1224717, 1224718, 1224719, 1224720, 1224721, 1224722, 1224723, 1224725, 1224727, 1224728, 1224729, 1224730, 1224731, 1224732, 1224733, 1224736, 1224738, 1224739, 1224740, 1224741, 1224742, 1224747, 1224749, 1224763, 1224764, 1224765, 1224766, 1224790, 1224792, 1224793, 1224803, 1224804, 1224866, 1224936, 1224989, 1225007, 1225053, 1225133, 1225134, 1225136, 1225172, 1225502, 1225578, 1225579, 1225580, 1225593, 1225605, 1225607, 1225610, 1225616, 1225618, 1225640, 1225642, 1225692, 1225694, 1225695, 1225696, 1225698, 1225699, 1225704, 1225705, 1225708, 1225710, 1225712, 1225714, 1225715, 1225720, 1225722, 1225728, 1225734, 1225735, 1225736, 1225747, 1225748, 1225749, 1225750, 1225756, 1225765, 1225766, 1225769, 1225773, 1225775, 1225842, 1225945
CVE References: CVE-2023-0160, CVE-2023-47233, CVE-2023-52434, CVE-2023-52458, CVE-2023-52463, CVE-2023-52472, CVE-2023-52483, CVE-2023-52492, CVE-2023-52503, CVE-2023-52591, CVE-2023-52608, CVE-2023-52616, CVE-2023-52618, CVE-2023-52631, CVE-2023-52635, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52652, CVE-2023-52653, CVE-2023-52654, CVE-2023-52655, CVE-2023-52657, CVE-2023-52658, CVE-2023-52659, CVE-2023-52660, CVE-2023-52661, CVE-2023-52662, CVE-2023-52663, CVE-2023-52664, CVE-2023-52667, CVE-2023-52669, CVE-2023-52670, CVE-2023-52671, CVE-2023-52673, CVE-2023-52674, CVE-2023-52675, CVE-2023-52676, CVE-2023-52678, CVE-2023-52679, CVE-2023-52680, CVE-2023-52681, CVE-2023-52683, CVE-2023-52685, CVE-2023-52686, CVE-2023-52687, CVE-2023-52690, CVE-2023-52691, CVE-2023-52692, CVE-2023-52693, CVE-2023-52694, CVE-2023-52695, CVE-2023-52696, CVE-2023-52697, CVE-2023-52698, CVE-2023-52771, CVE-2023-52772, CVE-2023-52860, CVE-2023-52882, CVE-2023-6238, CVE-2023-6270, CVE-2023-6531, CVE-2023-7042, CVE-2024-0639, CVE-2024-21823, CVE-2024-22099, CVE-2024-23848, CVE-2024-24861, CVE-2024-25739, CVE-2024-26601, CVE-2024-26611, CVE-2024-26614, CVE-2024-26632, CVE-2024-26638, CVE-2024-26642, CVE-2024-26643, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26657, CVE-2024-26671, CVE-2024-26673, CVE-2024-26674, CVE-2024-26675, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26692, CVE-2024-26696, CVE-2024-26697, CVE-2024-26704, CVE-2024-26714, CVE-2024-26726, CVE-2024-26731, CVE-2024-26733, CVE-2024-26736, CVE-2024-26737, CVE-2024-26739, CVE-2024-26740, CVE-2024-26742, CVE-2024-26756, CVE-2024-26757, CVE-2024-26760, CVE-2024-267600, CVE-2024-26761, CVE-2024-26764, CVE-2024-26769, CVE-2024-26772, CVE-2024-26773, CVE-2024-26774, CVE-2024-26775, CVE-2024-26779, CVE-2024-26783, CVE-2024-26786, CVE-2024-26791, CVE-2024-26793, CVE-2024-26794, CVE-2024-26802, CVE-2024-26805, CVE-2024-26807, CVE-2024-26815, CVE-2024-26816, CVE-2024-26822, CVE-2024-26828, CVE-2024-26832, CVE-2024-26836, CVE-2024-26844, CVE-2024-26846, CVE-2024-26848, CVE-2024-26853, CVE-2024-26854, CVE-2024-26855, CVE-2024-26856, CVE-2024-26857, CVE-2024-26858, CVE-2024-26860, CVE-2024-26861, CVE-2024-26862, CVE-2024-26866, CVE-2024-26868, CVE-2024-26870, CVE-2024-26878, CVE-2024-26881, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26898, CVE-2024-26899, CVE-2024-26900, CVE-2024-26901, CVE-2024-26903, CVE-2024-26906, CVE-2024-26909, CVE-2024-26921, CVE-2024-26922, CVE-2024-26923, CVE-2024-26925, CVE-2024-26928, CVE-2024-26932, CVE-2024-26933, CVE-2024-26934, CVE-2024-26935, CVE-2024-26937, CVE-2024-26938, CVE-2024-26940, CVE-2024-26943, CVE-2024-26945, CVE-2024-26946, CVE-2024-26948, CVE-2024-26949, CVE-2024-26950, CVE-2024-26951, CVE-2024-26956, CVE-2024-26957, CVE-2024-26958, CVE-2024-26960, CVE-2024-26961, CVE-2024-26962, CVE-2024-26963, CVE-2024-26964, CVE-2024-26972, CVE-2024-26973, CVE-2024-26978, CVE-2024-26979, CVE-2024-26981, CVE-2024-26982, CVE-2024-26983, CVE-2024-26984, CVE-2024-26986, CVE-2024-26988, CVE-2024-26989, CVE-2024-26990, CVE-2024-26991, CVE-2024-26992, CVE-2024-26993, CVE-2024-26994, CVE-2024-26995, CVE-2024-26996, CVE-2024-26997, CVE-2024-26999, CVE-2024-27000, CVE-2024-27001, CVE-2024-27002, CVE-2024-27003, CVE-2024-27004, CVE-2024-27008, CVE-2024-27013, CVE-2024-27014, CVE-2024-27022, CVE-2024-27027, CVE-2024-27028, CVE-2024-27029, CVE-2024-27030, CVE-2024-27031, CVE-2024-27036, CVE-2024-27046, CVE-2024-27056, CVE-2024-27057, CVE-2024-27062, CVE-2024-27067, CVE-2024-27080, CVE-2024-27388, CVE-2024-27389, CVE-2024-27393, CVE-2024-27395, CVE-2024-27396, CVE-2024-27398, CVE-2024-27399, CVE-2024-27400, CVE-2024-27401, CVE-2024-27405, CVE-2024-27408, CVE-2024-27410, CVE-2024-27411, CVE-2024-27412, CVE-2024-27413, CVE-2024-27416, CVE-2024-27417, CVE-2024-27418, CVE-2024-27431, CVE-2024-27432, CVE-2024-27434, CVE-2024-27435, CVE-2024-27436, CVE-2024-35784, CVE-2024-35786, CVE-2024-35788, CVE-2024-35789, CVE-2024-35790, CVE-2024-35791, CVE-2024-35794, CVE-2024-35795, CVE-2024-35796, CVE-2024-35799, CVE-2024-35800, CVE-2024-35801, CVE-2024-35803, CVE-2024-35804, CVE-2024-35806, CVE-2024-35808, CVE-2024-35809, CVE-2024-35810, CVE-2024-35811, CVE-2024-35812, CVE-2024-35813, CVE-2024-35814, CVE-2024-35815, CVE-2024-35817, CVE-2024-35819, CVE-2024-35821, CVE-2024-35822, CVE-2024-35823, CVE-2024-35824, CVE-2024-35825, CVE-2024-35828, CVE-2024-35829, CVE-2024-35830, CVE-2024-35833, CVE-2024-35834, CVE-2024-35835, CVE-2024-35836, CVE-2024-35837, CVE-2024-35838, CVE-2024-35841, CVE-2024-35842, CVE-2024-35845, CVE-2024-35847, CVE-2024-35849, CVE-2024-35850, CVE-2024-35851, CVE-2024-35852, CVE-2024-35854, CVE-2024-35860, CVE-2024-35861, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35866, CVE-2024-35867, CVE-2024-35868, CVE-2024-35869, CVE-2024-35870, CVE-2024-35872, CVE-2024-35875, CVE-2024-35877, CVE-2024-35878, CVE-2024-35879, CVE-2024-35883, CVE-2024-35885, CVE-2024-35887, CVE-2024-35889, CVE-2024-35891, CVE-2024-35895, CVE-2024-35901, CVE-2024-35903, CVE-2024-35904, CVE-2024-35905, CVE-2024-35907, CVE-2024-35909, CVE-2024-35911, CVE-2024-35912, CVE-2024-35914, CVE-2024-35915, CVE-2024-35916, CVE-2024-35917, CVE-2024-35921, CVE-2024-35922, CVE-2024-35924, CVE-2024-35927, CVE-2024-35928, CVE-2024-35930, CVE-2024-35931, CVE-2024-35932, CVE-2024-35933, CVE-2024-35935, CVE-2024-35936, CVE-2024-35937, CVE-2024-35938, CVE-2024-35940, CVE-2024-35943, CVE-2024-35944, CVE-2024-35945, CVE-2024-35946, CVE-2024-35947, CVE-2024-35950, CVE-2024-35951, CVE-2024-35952, CVE-2024-35953, CVE-2024-35954, CVE-2024-35955, CVE-2024-35956, CVE-2024-35958, CVE-2024-35959, CVE-2024-35960, CVE-2024-35961, CVE-2024-35963, CVE-2024-35964, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967, CVE-2024-35969, CVE-2024-35971, CVE-2024-35972, CVE-2024-35973, CVE-2024-35974, CVE-2024-35975, CVE-2024-35977, CVE-2024-35978, CVE-2024-35981, CVE-2024-35982, CVE-2024-35984, CVE-2024-35986, CVE-2024-35989, CVE-2024-35990, CVE-2024-35991, CVE-2024-35992, CVE-2024-35995, CVE-2024-35997, CVE-2024-35999, CVE-2024-36002, CVE-2024-36006, CVE-2024-36007, CVE-2024-36009, CVE-2024-36011, CVE-2024-36012, CVE-2024-36013, CVE-2024-36014, CVE-2024-36015, CVE-2024-36016, CVE-2024-36018, CVE-2024-36019, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36026, CVE-2024-36029, CVE-2024-36030, CVE-2024-36032, CVE-2024-36880, CVE-2024-36885, CVE-2024-36890, CVE-2024-36891, CVE-2024-36893, CVE-2024-36894, CVE-2024-36895, CVE-2024-36896, CVE-2024-36897, CVE-2024-36898, CVE-2024-36906, CVE-2024-36918, CVE-2024-36921, CVE-2024-36922, CVE-2024-36928, CVE-2024-36930, CVE-2024-36931, CVE-2024-36936, CVE-2024-36940, CVE-2024-36941, CVE-2024-36942, CVE-2024-36944, CVE-2024-36947, CVE-2024-36949, CVE-2024-36950, CVE-2024-36951, CVE-2024-36955, CVE-2024-36959
Jira References: PED-3184, PED-3311, PED-3535, PED-4486, PED-4593, PED-5062, PED-542, PED-5728, PED-5853, PED-6079, PED-6252, PED-7542, PED-7619, PED-8111, PED-8240
Maintenance Incident: [SUSE:Maintenance:34127](https://smelt.suse.de/incident/34127/)
Sources used:
openSUSE Leap 15.6 (src):
 kernel-syms-azure-6.4.0-150600.8.5.1, kernel-source-azure-6.4.0-150600.8.5.4
Public Cloud Module 15-SP6 (src):
 kernel-syms-azure-6.4.0-150600.8.5.1, kernel-source-azure-6.4.0-150600.8.5.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.