1222662 – (CVE-2021-47182) VUL-0: CVE-2021-47182: kernel: scsi: core: Fix scsi_mode_sense() buffer length handling

Bug 1222662 (CVE-2021-47182) - VUL-0: CVE-2021-47182: kernel: scsi: core: Fix scsi_mode_sense() buffer length handling

Summary: VUL-0: CVE-2021-47182: kernel: scsi: core: Fix scsi_mode_sense() buffer lengt...

Status:	IN_PROGRESS

Alias:	CVE-2021-47182

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Martin Wilck
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/401330/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-47182:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-04-11 07:52 UTC by SMASH SMASH
Modified:	2024-06-13 13:32 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-04-11 07:52:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix scsi_mode_sense() buffer length handling

Several problems exist with scsi_mode_sense() buffer length handling:

 1) The allocation length field of the MODE SENSE(10) command is 16-bits,
    occupying bytes 7 and 8 of the CDB. With this command, access to mode
    pages larger than 255 bytes is thus possible. However, the CDB
    allocation length field is set by assigning len to byte 8 only, thus
    truncating buffer length larger than 255.

 2) If scsi_mode_sense() is called with len smaller than 8 with
    sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length
    is increased to 8 and 4 respectively, and the buffer is zero filled
    with these increased values, thus corrupting the memory following the
    buffer.

Fix these 2 problems by using put_unaligned_be16() to set the allocation
length field of MODE SENSE(10) CDB and by returning an error when len is
too small.

Furthermore, if len is larger than 255B, always try MODE SENSE(10) first,
even if the device driver did not set sdev->use_10_for_ms. In case of
invalid opcode error for MODE SENSE(10), access to mode pages larger than
255 bytes are not retried using MODE SENSE(6). To avoid buffer length
overflows for the MODE_SENSE(10) case, check that len is smaller than 65535
bytes.

While at it, also fix the folowing:

 * Use get_unaligned_be16() to retrieve the mode data length and block
   descriptor length fields of the mode sense reply header instead of using
   an open coded calculation.

 * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable
   Block Descriptor, which is the opposite of what the dbd argument
   description was.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47182
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47182.mbox
https://git.kernel.org/stable/c/e15de347faf4a9f494cbd4e9a623d343dc1b5851
https://git.kernel.org/stable/c/17b49bcbf8351d3dbe57204468ac34f033ed60bc
https://www.cve.org/CVERecord?id=CVE-2021-47182

Comment 2 Hannes Reinecke 2024-04-12 12:31:26 UTC

Martin, can you have a look here?

Comment 3 Martin Wilck 2024-04-12 16:13:12 UTC

Upstream 5.16 and stable/5.15.y

As Michal noted, included in cve/linux-5.14-LTSS

SLE12-SP5 tbd

For cve/linux-5.3, it can be backported with minor changes; in particular, 5.3 is missing commit 8793613de913 ("scsi: core: Fixup calling convention for scsi_mode_sense()").

Callers of scsi_mode_sense() in cve/linux-5.3:

*** scsi/scsi_transport_sas.c:
sas_read_port_mode_page[1237]  res = scsi_mode_sense(sdev, 1, 0x19, buffer, BUF_SIZE, 30*HZ, 3,   // BUF_SIZE = 64

*** scsi/sd.c:
cache_type_store[198]          if (scsi_mode_sense(sdp, 0x08, 8, buffer, sizeof(buffer), SD_TIMEOUT,   // sizeof(buffer) = 64

sd_do_mode_sense[2581]         return scsi_mode_sense(sdp, dbd, modepage, buffer, len,   // see below
sd_read_app_tag_own[2839]      res = scsi_mode_sense(sdp, 1, 0x0a, buffer, 36, SD_TIMEOUT,    // allocated size is 512

*** scsi/sr.c:
get_capabilities[925]          rc = scsi_mode_sense(cd->device, 0, 0x2a, buffer, ms_len,    // ms_len = 128


Callers of sd_do_mode_sense():

*** drivers/scsi/sd.c:
sd_read_write_protect_flag[2605] res = sd_do_mode_sense(sdp, 0, 0x3F, buffer, 192, &data, NULL);
sd_read_write_protect_flag[2612] res = sd_do_mode_sense(sdp, 0, 0x3F, buffer, 4, &data, NULL);
sd_read_write_protect_flag[2621] res = sd_do_mode_sense(sdp, 0, 0, buffer, 4, &data, NULL);
sd_read_write_protect_flag[2627] res = sd_do_mode_sense(sdp, 0, 0x3F, buffer, 255,
sd_read_cache_type[2689]       res = sd_do_mode_sense(sdp, dbd, modepage, buffer, first_len,   // first_len is either 4 or 192
sd_read_cache_type[2721]       res = sd_do_mode_sense(sdp, dbd, modepage, buffer, len,   // 3 <= len < 512 bytes

The size of the allocated buffer in sd_read_write_protect_flag() an dsd_read_cache_type() (passed from sd_revalidate_disk() in both callers) is 512 bytes (SD_BUF_SIZE).

Except for the last caller, the buffer length is always hard-coded in the kernel, and is always between 4 and 255. The allocated size of the passed buffers is always large enough to hold the amount of data requested.

The last caller (sd_read_cache_type[2721]) is the only one that allows an allocation length that doesn't fit in a single byte. The buffer length is taken from drive's response to the first MODE SENSE command. AFAICS, the buffer overflow (2) in the commit description can't happen, as 512 bytes are allocated, and the code never fetches more.  But scsi_mode_sense() may truncate the data because of (1), and thus possibly retrieve broken data. This means that the kernel can misdetect the caching parameters of the drive; I don't think any worse can happen (no endless loop while parsing the data, for example). This can only happen for drives that use MODE SENSE (10) and return more than 255 bytes for mode pages 6, 8, or 3f, respectively.

An actual exploit would require that an attacker modifies the firmware of the (real or virtual) SCSI disk.

I wonder if it makes sense to dispute this CVE on these grounds. I have never attempted to do this so far. The code analysis above is specific to 5.3, other kernels may of course have different callers; proving that this is harmless throughout kernel history is probably more work than doing the backport.

What do you think?

Comment 5 Martin Wilck 2024-04-19 20:39:52 UTC

Backport pushed to my SLE12-SP3-TD and SLE12-SP5 for-next branches.

Nothing to do for active branches, SLE15-SP6 has it anyway, 5.14 based branches will get it from cve-linux-5.14-LTSS. The 5.3 based LTSS branches don't need it because of the low score (although the patch could be easily applied there, too; I can do it if anyone deems it necessary).

Comment 8 Maintenance Automation 2024-05-03 08:30:45 UTC

SUSE-SU-2024:1490-1: An update that solves 183 vulnerabilities, contains three features and has 38 security fixes can now be installed.

Category: security (important)
Bug References: 1177529, 1192145, 1194869, 1200465, 1205316, 1207948, 1209635, 1209657, 1212514, 1213456, 1214852, 1215221, 1215322, 1217339, 1217829, 1217959, 1217987, 1217988, 1217989, 1218321, 1218336, 1218479, 1218643, 1218777, 1219126, 1219169, 1219170, 1219264, 1219834, 1220114, 1220176, 1220237, 1220251, 1220320, 1220337, 1220340, 1220365, 1220366, 1220398, 1220411, 1220413, 1220439, 1220443, 1220445, 1220466, 1220478, 1220482, 1220484, 1220486, 1220487, 1220492, 1220703, 1220775, 1220790, 1220797, 1220831, 1220833, 1220836, 1220839, 1220840, 1220843, 1220870, 1220871, 1220872, 1220878, 1220879, 1220883, 1220885, 1220887, 1220898, 1220901, 1220915, 1220918, 1220920, 1220921, 1220926, 1220927, 1220929, 1220932, 1220935, 1220937, 1220938, 1220940, 1220954, 1220955, 1220959, 1220960, 1220961, 1220965, 1220969, 1220978, 1220979, 1220981, 1220982, 1220983, 1220985, 1220986, 1220987, 1220989, 1220990, 1221009, 1221012, 1221015, 1221022, 1221039, 1221040, 1221044, 1221045, 1221046, 1221048, 1221055, 1221056, 1221058, 1221060, 1221061, 1221062, 1221066, 1221067, 1221068, 1221069, 1221070, 1221071, 1221077, 1221082, 1221090, 1221097, 1221156, 1221162, 1221252, 1221273, 1221274, 1221276, 1221277, 1221291, 1221293, 1221298, 1221337, 1221338, 1221375, 1221379, 1221551, 1221553, 1221613, 1221614, 1221616, 1221618, 1221631, 1221633, 1221713, 1221725, 1221777, 1221791, 1221814, 1221816, 1221830, 1221951, 1222011, 1222033, 1222051, 1222056, 1222060, 1222070, 1222073, 1222117, 1222247, 1222266, 1222274, 1222291, 1222300, 1222304, 1222317, 1222331, 1222355, 1222356, 1222360, 1222366, 1222373, 1222416, 1222422, 1222427, 1222428, 1222431, 1222437, 1222445, 1222449, 1222503, 1222520, 1222536, 1222549, 1222550, 1222557, 1222585, 1222586, 1222596, 1222609, 1222610, 1222619, 1222630, 1222632, 1222660, 1222662, 1222664, 1222669, 1222677, 1222678, 1222680, 1222706, 1222720, 1222724, 1222726, 1222727, 1222764, 1222772, 1222781, 1222784, 1222798, 1222801, 1222952, 1223030, 1223067, 1223068
CVE References: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46936, CVE-2021-47082, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-4744, CVE-2022-48626, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52484, CVE-2023-52486, CVE-2023-52488, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52503, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52532, CVE-2023-52561, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52627, CVE-2023-52628, CVE-2023-52632, CVE-2023-52636, CVE-2023-52637, CVE-2023-52639, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23850, CVE-2024-25739, CVE-2024-25742, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26660, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26680, CVE-2024-26681, CVE-2024-26684, CVE-2024-26685, CVE-2024-26689, CVE-2024-26695, CVE-2024-26696, CVE-2024-26697, CVE-2024-26704, CVE-2024-26717, CVE-2024-26718, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26736, CVE-2024-26737, CVE-2024-26743, CVE-2024-26744, CVE-2024-26745, CVE-2024-26747, CVE-2024-26749, CVE-2024-26751, CVE-2024-26754, CVE-2024-26760, CVE-2024-26763, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26776, CVE-2024-26779, CVE-2024-26787, CVE-2024-26790, CVE-2024-26793, CVE-2024-26798, CVE-2024-26805, CVE-2024-26807, CVE-2024-26848
Jira References: PED-5759, PED-7167, PED-7619
Maintenance Incident: [SUSE:Maintenance:33538](https://smelt.suse.de/incident/33538/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-source-azure-5.14.21-150500.33.48.1, kernel-syms-azure-5.14.21-150500.33.48.1
Public Cloud Module 15-SP5 (src):
 kernel-source-azure-5.14.21-150500.33.48.1, kernel-syms-azure-5.14.21-150500.33.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Maintenance Automation 2024-05-14 16:30:26 UTC

SUSE-SU-2024:1648-1: An update that solves 193 vulnerabilities, contains one feature and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33233](https://smelt.suse.de/incident/33233/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_55-1-8.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.212.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Maintenance Automation 2024-05-14 16:30:48 UTC

SUSE-SU-2024:1647-1: An update that solves 87 vulnerabilities and has 12 security fixes can now be installed.

Category: security (important)
Bug References: 1190576, 1192145, 1192354, 1192837, 1193629, 1203906, 1203935, 1204614, 1206881, 1209657, 1215221, 1216223, 1218336, 1218479, 1218562, 1219104, 1219126, 1219169, 1219170, 1219264, 1220342, 1220703, 1220761, 1220883, 1221044, 1221061, 1221088, 1221293, 1221299, 1221612, 1221830, 1222117, 1222422, 1222430, 1222435, 1222482, 1222503, 1222536, 1222559, 1222585, 1222618, 1222624, 1222660, 1222662, 1222664, 1222666, 1222671, 1222703, 1222704, 1222706, 1222709, 1222721, 1222726, 1222773, 1222776, 1222785, 1222787, 1222790, 1222791, 1222792, 1222796, 1222824, 1222829, 1222832, 1222836, 1222838, 1222866, 1222867, 1222869, 1222876, 1222878, 1222879, 1222881, 1222883, 1222888, 1222894, 1222901, 1223016, 1223187, 1223380, 1223474, 1223475, 1223477, 1223479, 1223482, 1223484, 1223487, 1223503, 1223505, 1223509, 1223513, 1223516, 1223517, 1223518, 1223519, 1223522, 1223523, 1223705, 1223824
CVE References: CVE-2021-47047, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47187, CVE-2021-47188, CVE-2021-47189, CVE-2021-47191, CVE-2021-47192, CVE-2021-47193, CVE-2021-47194, CVE-2021-47195, CVE-2021-47196, CVE-2021-47197, CVE-2021-47198, CVE-2021-47199, CVE-2021-47200, CVE-2021-47201, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47206, CVE-2021-47207, CVE-2021-47209, CVE-2021-47210, CVE-2021-47211, CVE-2021-47212, CVE-2021-47215, CVE-2021-47216, CVE-2021-47217, CVE-2021-47218, CVE-2021-47219, CVE-2022-48631, CVE-2022-48637, CVE-2022-48638, CVE-2022-48647, CVE-2022-48648, CVE-2022-48650, CVE-2022-48651, CVE-2022-48653, CVE-2022-48654, CVE-2022-48655, CVE-2022-48656, CVE-2022-48657, CVE-2022-48660, CVE-2022-48662, CVE-2022-48663, CVE-2022-48667, CVE-2022-48668, CVE-2023-0160, CVE-2023-52476, CVE-2023-52500, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52616, CVE-2023-52628, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-23850, CVE-2024-26601, CVE-2024-26610, CVE-2024-26614, CVE-2024-26642, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26704, CVE-2024-26727, CVE-2024-26733, CVE-2024-26739, CVE-2024-26764, CVE-2024-26766, CVE-2024-26773, CVE-2024-26792, CVE-2024-26816, CVE-2024-26898, CVE-2024-26903, CVE-2024-27043, CVE-2024-27389
Maintenance Incident: [SUSE:Maintenance:33807](https://smelt.suse.de/incident/33807/)
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.79.1
SUSE Linux Enterprise Micro 5.4 (src):
 kernel-source-rt-5.14.21-150400.15.79.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.79.1
SUSE Linux Enterprise Micro 5.3 (src):
 kernel-source-rt-5.14.21-150400.15.79.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Maintenance Automation 2024-05-14 16:31:16 UTC

SUSE-SU-2024:1646-1: An update that solves 187 vulnerabilities, contains one feature and has 16 security fixes can now be installed.

Category: security (important)
Bug References: 1141539, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220413, 1220416, 1220418, 1220442, 1220445, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2021-46904, CVE-2021-46905, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33362](https://smelt.suse.de/incident/33362/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.182.1, kernel-syms-rt-4.12.14-10.182.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Maintenance Automation 2024-05-14 16:32:57 UTC

SUSE-SU-2024:1643-1: An update that solves 201 vulnerabilities, contains one feature and has 22 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1197894, 1203935, 1209657, 1211592, 1212514, 1213456, 1215221, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1218917, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220413, 1220416, 1220418, 1220442, 1220445, 1220513, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221543, 1221545, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222793, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223119, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223539, 1223540, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223802, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223923, 1223931, 1223941, 1223952, 1223953, 1223954, 1223969
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46955, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47113, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47131, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48672, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2022-48702, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0639, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26791, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26876, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27008, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33343](https://smelt.suse.de/incident/33343/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.182.1, kernel-source-azure-4.12.14-16.182.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Maintenance Automation 2024-05-14 16:33:29 UTC

SUSE-SU-2024:1641-1: An update that solves 90 vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1192145, 1209657, 1215221, 1216223, 1218336, 1218479, 1218562, 1219104, 1219126, 1219169, 1219170, 1219264, 1220342, 1220703, 1220761, 1220883, 1221044, 1221061, 1221088, 1221293, 1221299, 1221612, 1221725, 1221830, 1222117, 1222422, 1222430, 1222435, 1222482, 1222503, 1222536, 1222559, 1222585, 1222618, 1222624, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222703, 1222704, 1222706, 1222709, 1222721, 1222726, 1222773, 1222776, 1222785, 1222787, 1222790, 1222791, 1222792, 1222796, 1222824, 1222829, 1222832, 1222836, 1222838, 1222866, 1222867, 1222869, 1222876, 1222878, 1222879, 1222881, 1222883, 1222888, 1222894, 1222901, 1223016, 1223187, 1223380, 1223474, 1223475, 1223477, 1223479, 1223482, 1223484, 1223487, 1223503, 1223505, 1223509, 1223513, 1223516, 1223517, 1223518, 1223519, 1223522, 1223523, 1223705, 1223824
CVE References: CVE-2021-47047, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47187, CVE-2021-47188, CVE-2021-47189, CVE-2021-47191, CVE-2021-47192, CVE-2021-47193, CVE-2021-47194, CVE-2021-47195, CVE-2021-47196, CVE-2021-47197, CVE-2021-47198, CVE-2021-47199, CVE-2021-47200, CVE-2021-47201, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47206, CVE-2021-47207, CVE-2021-47209, CVE-2021-47210, CVE-2021-47211, CVE-2021-47212, CVE-2021-47215, CVE-2021-47216, CVE-2021-47217, CVE-2021-47218, CVE-2021-47219, CVE-2022-48631, CVE-2022-48637, CVE-2022-48638, CVE-2022-48647, CVE-2022-48648, CVE-2022-48650, CVE-2022-48651, CVE-2022-48653, CVE-2022-48654, CVE-2022-48655, CVE-2022-48656, CVE-2022-48657, CVE-2022-48660, CVE-2022-48662, CVE-2022-48663, CVE-2022-48667, CVE-2022-48668, CVE-2023-0160, CVE-2023-4881, CVE-2023-52476, CVE-2023-52500, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52616, CVE-2023-52628, CVE-2023-6270, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-23850, CVE-2024-25742, CVE-2024-26601, CVE-2024-26610, CVE-2024-26614, CVE-2024-26642, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26704, CVE-2024-26727, CVE-2024-26733, CVE-2024-26739, CVE-2024-26764, CVE-2024-26766, CVE-2024-26773, CVE-2024-26792, CVE-2024-26816, CVE-2024-26898, CVE-2024-26903, CVE-2024-27043, CVE-2024-27389
Maintenance Incident: [SUSE:Maintenance:33706](https://smelt.suse.de/incident/33706/)
Sources used:
openSUSE Leap Micro 5.4 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
SUSE Linux Enterprise Micro 5.3 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
SUSE Linux Enterprise Micro 5.4 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
SUSE Linux Enterprise Live Patching 15-SP4 (src):
 kernel-livepatch-SLE15-SP4_Update_26-1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1
SUSE Manager Proxy 4.3 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-source-5.14.21-150400.24.119.1
SUSE Manager Retail Branch Server 4.3 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-source-5.14.21-150400.24.119.1
SUSE Manager Server 4.3 (src):
 kernel-syms-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1, kernel-source-5.14.21-150400.24.119.1
openSUSE Leap 15.4 (src):
 kernel-livepatch-SLE15-SP4_Update_26-1-150400.9.3.1, kernel-obs-build-5.14.21-150400.24.119.1, kernel-source-5.14.21-150400.24.119.1, kernel-syms-5.14.21-150400.24.119.1, kernel-obs-qa-5.14.21-150400.24.119.1, kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1
openSUSE Leap Micro 5.3 (src):
 kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Maintenance Automation 2024-05-15 12:30:19 UTC

SUSE-SU-2024:1659-1: An update that solves 218 vulnerabilities, contains two features and has 29 security fixes can now be installed.

Category: security (important)
Bug References: 1177529, 1192145, 1211592, 1217408, 1218562, 1218917, 1219104, 1219126, 1219169, 1219170, 1219264, 1220342, 1220569, 1220761, 1220901, 1220915, 1220935, 1221042, 1221044, 1221080, 1221084, 1221088, 1221162, 1221299, 1221612, 1221617, 1221645, 1221791, 1221825, 1222011, 1222051, 1222247, 1222266, 1222294, 1222307, 1222357, 1222368, 1222379, 1222416, 1222422, 1222424, 1222427, 1222428, 1222430, 1222431, 1222435, 1222437, 1222445, 1222449, 1222482, 1222503, 1222520, 1222536, 1222549, 1222550, 1222557, 1222559, 1222585, 1222586, 1222596, 1222609, 1222610, 1222613, 1222615, 1222618, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222678, 1222680, 1222703, 1222704, 1222706, 1222709, 1222710, 1222720, 1222721, 1222724, 1222726, 1222727, 1222764, 1222772, 1222773, 1222776, 1222781, 1222784, 1222785, 1222787, 1222790, 1222791, 1222792, 1222796, 1222798, 1222801, 1222812, 1222824, 1222829, 1222832, 1222836, 1222838, 1222866, 1222867, 1222869, 1222876, 1222878, 1222879, 1222881, 1222883, 1222888, 1222894, 1222901, 1222968, 1223012, 1223014, 1223016, 1223024, 1223030, 1223033, 1223034, 1223035, 1223036, 1223037, 1223041, 1223042, 1223051, 1223052, 1223056, 1223057, 1223058, 1223060, 1223061, 1223065, 1223066, 1223067, 1223068, 1223076, 1223078, 1223111, 1223115, 1223118, 1223187, 1223189, 1223190, 1223191, 1223196, 1223197, 1223198, 1223275, 1223323, 1223369, 1223380, 1223473, 1223474, 1223475, 1223477, 1223478, 1223479, 1223481, 1223482, 1223484, 1223487, 1223490, 1223496, 1223498, 1223499, 1223501, 1223502, 1223503, 1223505, 1223509, 1223511, 1223512, 1223513, 1223516, 1223517, 1223518, 1223519, 1223520, 1223522, 1223523, 1223525, 1223539, 1223574, 1223595, 1223598, 1223634, 1223643, 1223644, 1223645, 1223646, 1223648, 1223655, 1223657, 1223660, 1223661, 1223663, 1223664, 1223668, 1223686, 1223693, 1223705, 1223714, 1223735, 1223745, 1223784, 1223785, 1223790, 1223816, 1223821, 1223822, 1223824, 1223827, 1223834, 1223875, 1223876, 1223877, 1223878, 1223879, 1223894, 1223921, 1223922, 1223923, 1223924, 1223929, 1223931, 1223932, 1223934, 1223941, 1223948, 1223949, 1223950, 1223951, 1223952, 1223953, 1223956, 1223957, 1223960, 1223962, 1223963, 1223964
CVE References: CVE-2021-47047, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47187, CVE-2021-47188, CVE-2021-47189, CVE-2021-47191, CVE-2021-47192, CVE-2021-47193, CVE-2021-47194, CVE-2021-47195, CVE-2021-47196, CVE-2021-47197, CVE-2021-47198, CVE-2021-47199, CVE-2021-47200, CVE-2021-47201, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47206, CVE-2021-47207, CVE-2021-47209, CVE-2021-47210, CVE-2021-47211, CVE-2021-47212, CVE-2021-47214, CVE-2021-47215, CVE-2021-47216, CVE-2021-47217, CVE-2021-47218, CVE-2021-47219, CVE-2022-48631, CVE-2022-48632, CVE-2022-48634, CVE-2022-48636, CVE-2022-48637, CVE-2022-48638, CVE-2022-48639, CVE-2022-48640, CVE-2022-48642, CVE-2022-48644, CVE-2022-48646, CVE-2022-48647, CVE-2022-48648, CVE-2022-48650, CVE-2022-48651, CVE-2022-48652, CVE-2022-48653, CVE-2022-48654, CVE-2022-48655, CVE-2022-48656, CVE-2022-48657, CVE-2022-48658, CVE-2022-48659, CVE-2022-48660, CVE-2022-48662, CVE-2022-48663, CVE-2022-48667, CVE-2022-48668, CVE-2022-48671, CVE-2022-48672, CVE-2022-48673, CVE-2022-48675, CVE-2022-48686, CVE-2022-48687, CVE-2022-48688, CVE-2022-48690, CVE-2022-48692, CVE-2022-48693, CVE-2022-48694, CVE-2022-48695, CVE-2022-48697, CVE-2022-48698, CVE-2022-48700, CVE-2022-48701, CVE-2022-48702, CVE-2022-48703, CVE-2022-48704, CVE-2023-2860, CVE-2023-52488, CVE-2023-52503, CVE-2023-52561, CVE-2023-52585, CVE-2023-52589, CVE-2023-52590, CVE-2023-52591, CVE-2023-52593, CVE-2023-52614, CVE-2023-52616, CVE-2023-52620, CVE-2023-52627, CVE-2023-52635, CVE-2023-52636, CVE-2023-52645, CVE-2023-52652, CVE-2023-6270, CVE-2024-0639, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-23850, CVE-2024-26601, CVE-2024-26610, CVE-2024-26656, CVE-2024-26660, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26680, CVE-2024-26681, CVE-2024-26684, CVE-2024-26685, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26696, CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26718, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26736, CVE-2024-26737, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26745, CVE-2024-26747, CVE-2024-26749, CVE-2024-26751, CVE-2024-26754, CVE-2024-26760, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26776, CVE-2024-26779, CVE-2024-26783, CVE-2024-26787, CVE-2024-26790, CVE-2024-26792, CVE-2024-26793, CVE-2024-26798, CVE-2024-26805, CVE-2024-26807, CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26825, CVE-2024-26830, CVE-2024-26833, CVE-2024-26836, CVE-2024-26843, CVE-2024-26848, CVE-2024-26852, CVE-2024-26853, CVE-2024-26855, CVE-2024-26856, CVE-2024-26857, CVE-2024-26861, CVE-2024-26862, CVE-2024-26866, CVE-2024-26872, CVE-2024-26875, CVE-2024-26878, CVE-2024-26879, CVE-2024-26881, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26891, CVE-2024-26893, CVE-2024-26895, CVE-2024-26896, CVE-2024-26897, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26917, CVE-2024-26927, CVE-2024-26948, CVE-2024-26950, CVE-2024-26951, CVE-2024-26955, CVE-2024-26956, CVE-2024-26960, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969, CVE-2024-26970, CVE-2024-26972, CVE-2024-26981, CVE-2024-26982, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27030, CVE-2024-27038, CVE-2024-27039, CVE-2024-27041, CVE-2024-27043, CVE-2024-27046, CVE-2024-27056, CVE-2024-27062, CVE-2024-27389
Jira References: PED-7167, PED-7619
Maintenance Incident: [SUSE:Maintenance:33750](https://smelt.suse.de/incident/33750/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-obs-build-5.14.21-150500.55.62.2, kernel-livepatch-SLE15-SP5_Update_13-1-150500.11.3.2, kernel-source-5.14.21-150500.55.62.2, kernel-obs-qa-5.14.21-150500.55.62.1, kernel-syms-5.14.21-150500.55.62.1, kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2
Basesystem Module 15-SP5 (src):
 kernel-source-5.14.21-150500.55.62.2, kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2
Development Tools Module 15-SP5 (src):
 kernel-obs-build-5.14.21-150500.55.62.2, kernel-syms-5.14.21-150500.55.62.1, kernel-source-5.14.21-150500.55.62.2
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5_Update_13-1-150500.11.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Maintenance Automation 2024-05-15 20:30:21 UTC

SUSE-SU-2024:1663-1: An update that solves 219 vulnerabilities, contains 20 features and has 45 security fixes can now be installed.

Category: security (important)
Bug References: 1141539, 1177529, 1190576, 1192145, 1192837, 1193629, 1196869, 1200313, 1201308, 1201489, 1203906, 1203935, 1204614, 1207361, 1211592, 1213573, 1217408, 1218562, 1218917, 1219104, 1219126, 1219141, 1219169, 1219170, 1219264, 1220342, 1220492, 1220569, 1220761, 1220901, 1220915, 1220935, 1221042, 1221044, 1221080, 1221084, 1221088, 1221162, 1221299, 1221612, 1221617, 1221645, 1221791, 1221825, 1222011, 1222051, 1222247, 1222266, 1222294, 1222307, 1222357, 1222368, 1222379, 1222416, 1222422, 1222424, 1222427, 1222428, 1222430, 1222431, 1222435, 1222437, 1222445, 1222449, 1222482, 1222503, 1222520, 1222536, 1222549, 1222550, 1222557, 1222559, 1222585, 1222586, 1222596, 1222609, 1222610, 1222613, 1222615, 1222618, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222678, 1222680, 1222703, 1222704, 1222706, 1222709, 1222710, 1222720, 1222721, 1222724, 1222726, 1222727, 1222764, 1222772, 1222773, 1222776, 1222781, 1222784, 1222785, 1222787, 1222790, 1222791, 1222792, 1222796, 1222798, 1222801, 1222812, 1222824, 1222829, 1222832, 1222836, 1222838, 1222866, 1222867, 1222869, 1222876, 1222878, 1222879, 1222881, 1222883, 1222888, 1222894, 1222901, 1222968, 1223012, 1223014, 1223016, 1223024, 1223030, 1223033, 1223034, 1223035, 1223036, 1223037, 1223041, 1223042, 1223051, 1223052, 1223056, 1223057, 1223058, 1223060, 1223061, 1223065, 1223066, 1223067, 1223068, 1223076, 1223078, 1223111, 1223115, 1223118, 1223187, 1223189, 1223190, 1223191, 1223196, 1223197, 1223198, 1223275, 1223323, 1223369, 1223380, 1223473, 1223474, 1223475, 1223477, 1223478, 1223479, 1223481, 1223482, 1223484, 1223487, 1223490, 1223496, 1223498, 1223499, 1223501, 1223502, 1223503, 1223505, 1223509, 1223511, 1223512, 1223513, 1223516, 1223517, 1223518, 1223519, 1223520, 1223522, 1223523, 1223525, 1223536, 1223539, 1223574, 1223595, 1223598, 1223634, 1223640, 1223643, 1223644, 1223645, 1223646, 1223648, 1223655, 1223657, 1223660, 1223661, 1223663, 1223664, 1223668, 1223686, 1223693, 1223705, 1223714, 1223735, 1223745, 1223784, 1223785, 1223790, 1223816, 1223821, 1223822, 1223824, 1223827, 1223834, 1223875, 1223876, 1223877, 1223878, 1223879, 1223894, 1223921, 1223922, 1223923, 1223924, 1223929, 1223931, 1223932, 1223934, 1223941, 1223948, 1223949, 1223950, 1223951, 1223952, 1223953, 1223956, 1223957, 1223960, 1223962, 1223963, 1223964
CVE References: CVE-2021-47047, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47187, CVE-2021-47188, CVE-2021-47189, CVE-2021-47191, CVE-2021-47192, CVE-2021-47193, CVE-2021-47194, CVE-2021-47195, CVE-2021-47196, CVE-2021-47197, CVE-2021-47198, CVE-2021-47199, CVE-2021-47200, CVE-2021-47201, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47206, CVE-2021-47207, CVE-2021-47209, CVE-2021-47210, CVE-2021-47211, CVE-2021-47212, CVE-2021-47214, CVE-2021-47215, CVE-2021-47216, CVE-2021-47217, CVE-2021-47218, CVE-2021-47219, CVE-2022-48631, CVE-2022-48632, CVE-2022-48634, CVE-2022-48636, CVE-2022-48637, CVE-2022-48638, CVE-2022-48639, CVE-2022-48640, CVE-2022-48642, CVE-2022-48644, CVE-2022-48646, CVE-2022-48647, CVE-2022-48648, CVE-2022-48650, CVE-2022-48651, CVE-2022-48652, CVE-2022-48653, CVE-2022-48654, CVE-2022-48655, CVE-2022-48656, CVE-2022-48657, CVE-2022-48658, CVE-2022-48659, CVE-2022-48660, CVE-2022-48662, CVE-2022-48663, CVE-2022-48667, CVE-2022-48668, CVE-2022-48671, CVE-2022-48672, CVE-2022-48673, CVE-2022-48675, CVE-2022-48686, CVE-2022-48687, CVE-2022-48688, CVE-2022-48690, CVE-2022-48692, CVE-2022-48693, CVE-2022-48694, CVE-2022-48695, CVE-2022-48697, CVE-2022-48698, CVE-2022-48700, CVE-2022-48701, CVE-2022-48702, CVE-2022-48703, CVE-2022-48704, CVE-2023-2860, CVE-2023-52488, CVE-2023-52503, CVE-2023-52561, CVE-2023-52585, CVE-2023-52589, CVE-2023-52590, CVE-2023-52591, CVE-2023-52593, CVE-2023-52614, CVE-2023-52616, CVE-2023-52620, CVE-2023-52627, CVE-2023-52635, CVE-2023-52636, CVE-2023-52645, CVE-2023-52652, CVE-2023-6270, CVE-2024-0639, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-23850, CVE-2024-26601, CVE-2024-26610, CVE-2024-26656, CVE-2024-26660, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26680, CVE-2024-26681, CVE-2024-26684, CVE-2024-26685, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26696, CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26718, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26736, CVE-2024-26737, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26745, CVE-2024-26747, CVE-2024-26749, CVE-2024-26751, CVE-2024-26754, CVE-2024-26760, CVE-2024-267600, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26776, CVE-2024-26779, CVE-2024-26783, CVE-2024-26787, CVE-2024-26790, CVE-2024-26792, CVE-2024-26793, CVE-2024-26798, CVE-2024-26805, CVE-2024-26807, CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26825, CVE-2024-26830, CVE-2024-26833, CVE-2024-26836, CVE-2024-26843, CVE-2024-26848, CVE-2024-26852, CVE-2024-26853, CVE-2024-26855, CVE-2024-26856, CVE-2024-26857, CVE-2024-26861, CVE-2024-26862, CVE-2024-26866, CVE-2024-26872, CVE-2024-26875, CVE-2024-26878, CVE-2024-26879, CVE-2024-26881, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26891, CVE-2024-26893, CVE-2024-26895, CVE-2024-26896, CVE-2024-26897, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26917, CVE-2024-26927, CVE-2024-26948, CVE-2024-26950, CVE-2024-26951, CVE-2024-26955, CVE-2024-26956, CVE-2024-26960, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969, CVE-2024-26970, CVE-2024-26972, CVE-2024-26981, CVE-2024-26982, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27030, CVE-2024-27038, CVE-2024-27039, CVE-2024-27041, CVE-2024-27043, CVE-2024-27046, CVE-2024-27056, CVE-2024-27062, CVE-2024-27389
Jira References: PED-1166, PED-1168, PED-1170, PED-1218, PED-1220, PED-1222, PED-1223, PED-1225, PED-1565, PED-2849, PED-376, PED-542, PED-7167, PED-7619, SLE-18378, SLE-18383, SLE-18385, SLE-18978, SLE-19249, SLE-19253
Maintenance Incident: [SUSE:Maintenance:33809](https://smelt.suse.de/incident/33809/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-syms-rt-5.14.21-150500.13.52.1, kernel-livepatch-SLE15-SP5-RT_Update_14-1-150500.11.5.1, kernel-source-rt-5.14.21-150500.13.52.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.52.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_14-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src):
 kernel-syms-rt-5.14.21-150500.13.52.1, kernel-source-rt-5.14.21-150500.13.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Maintenance Automation 2024-05-21 16:30:39 UTC

SUSE-SU-2024:1648-2: An update that solves 193 vulnerabilities, contains one feature and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:33233](https://smelt.suse.de/incident/33233/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_55-1-8.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.212.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.212.1, kernel-syms-4.12.14-122.212.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Maintenance Automation 2024-05-30 16:30:38 UTC

SUSE-SU-2024:1870-1: An update that solves 193 vulnerabilities, contains one feature and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1084332, 1141539, 1184509, 1186060, 1190317, 1190576, 1192145, 1194516, 1203935, 1209657, 1211592, 1212514, 1213456, 1217339, 1217987, 1217988, 1217989, 1218220, 1218336, 1218479, 1218562, 1219104, 1219169, 1219170, 1219618, 1219623, 1219847, 1220320, 1220366, 1220394, 1220411, 1220416, 1220418, 1220422, 1220442, 1220445, 1220505, 1220521, 1220528, 1220536, 1220538, 1220554, 1220572, 1220580, 1220611, 1220625, 1220628, 1220637, 1220640, 1220662, 1220687, 1220692, 1220703, 1220706, 1220739, 1220742, 1220743, 1220745, 1220751, 1220768, 1220769, 1220777, 1220790, 1220794, 1220829, 1220836, 1220843, 1220846, 1220850, 1220871, 1220927, 1220960, 1220985, 1220987, 1221044, 1221046, 1221048, 1221058, 1221060, 1221061, 1221077, 1221082, 1221088, 1221162, 1221277, 1221293, 1221337, 1221532, 1221541, 1221548, 1221575, 1221605, 1221608, 1221617, 1221791, 1221816, 1221825, 1221830, 1221862, 1221934, 1221949, 1221952, 1221953, 1221965, 1221966, 1221967, 1221969, 1221972, 1221973, 1221977, 1221979, 1221988, 1221991, 1221993, 1221994, 1221997, 1221998, 1221999, 1222000, 1222001, 1222002, 1222117, 1222294, 1222300, 1222357, 1222379, 1222422, 1222428, 1222449, 1222503, 1222559, 1222585, 1222609, 1222610, 1222613, 1222618, 1222619, 1222624, 1222630, 1222632, 1222660, 1222662, 1222664, 1222666, 1222669, 1222671, 1222677, 1222706, 1222720, 1222765, 1222770, 1222772, 1222787, 1222790, 1222812, 1222836, 1222869, 1222876, 1222878, 1222881, 1222883, 1222888, 1222952, 1222961, 1222975, 1222976, 1223016, 1223035, 1223049, 1223051, 1223057, 1223058, 1223060, 1223187, 1223189, 1223198, 1223203, 1223315, 1223432, 1223509, 1223512, 1223513, 1223516, 1223518, 1223626, 1223627, 1223664, 1223686, 1223693, 1223712, 1223715, 1223735, 1223744, 1223745, 1223770, 1223781, 1223819, 1223824, 1223827, 1223837, 1223842, 1223843, 1223844, 1223883, 1223885, 1223921, 1223941, 1223952, 1223953, 1223954, 1224785
CVE References: CVE-2019-25160, CVE-2020-36312, CVE-2021-23134, CVE-2021-46904, CVE-2021-46905, CVE-2021-46907, CVE-2021-46909, CVE-2021-46938, CVE-2021-46939, CVE-2021-46941, CVE-2021-46950, CVE-2021-46958, CVE-2021-46960, CVE-2021-46963, CVE-2021-46964, CVE-2021-46966, CVE-2021-46975, CVE-2021-46981, CVE-2021-46988, CVE-2021-46990, CVE-2021-46998, CVE-2021-47006, CVE-2021-47015, CVE-2021-47024, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47055, CVE-2021-47056, CVE-2021-47060, CVE-2021-47061, CVE-2021-47063, CVE-2021-47068, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47100, CVE-2021-47101, CVE-2021-47104, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47138, CVE-2021-47141, CVE-2021-47142, CVE-2021-47143, CVE-2021-47146, CVE-2021-47149, CVE-2021-47150, CVE-2021-47153, CVE-2021-47159, CVE-2021-47161, CVE-2021-47162, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47171, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47182, CVE-2021-47183, CVE-2021-47184, CVE-2021-47185, CVE-2021-47188, CVE-2021-47189, CVE-2021-47198, CVE-2021-47202, CVE-2021-47203, CVE-2021-47204, CVE-2021-47205, CVE-2021-47207, CVE-2021-47211, CVE-2021-47216, CVE-2021-47217, CVE-2022-0487, CVE-2022-48619, CVE-2022-48626, CVE-2022-48636, CVE-2022-48650, CVE-2022-48651, CVE-2022-48667, CVE-2022-48668, CVE-2022-48687, CVE-2022-48688, CVE-2022-48695, CVE-2022-48701, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52486, CVE-2023-52488, CVE-2023-52509, CVE-2023-52515, CVE-2023-52524, CVE-2023-52528, CVE-2023-52575, CVE-2023-52583, CVE-2023-52587, CVE-2023-52590, CVE-2023-52591, CVE-2023-52595, CVE-2023-52598, CVE-2023-52607, CVE-2023-52614, CVE-2023-52620, CVE-2023-52628, CVE-2023-52635, CVE-2023-52639, CVE-2023-52644, CVE-2023-52646, CVE-2023-52650, CVE-2023-52652, CVE-2023-52653, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-23848, CVE-2024-24855, CVE-2024-24861, CVE-2024-26614, CVE-2024-26642, CVE-2024-26651, CVE-2024-26671, CVE-2024-26675, CVE-2024-26689, CVE-2024-26704, CVE-2024-26733, CVE-2024-26739, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26754, CVE-2024-26763, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26793, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26839, CVE-2024-26840, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26878, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26907, CVE-2024-26922, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26948, CVE-2024-26993, CVE-2024-27013, CVE-2024-27014, CVE-2024-27043, CVE-2024-27046, CVE-2024-27054, CVE-2024-27072, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27078, CVE-2024-27388
Jira References: PED-5759
Maintenance Incident: [SUSE:Maintenance:34082](https://smelt.suse.de/incident/34082/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_56-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.216.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.216.1, kernel-source-4.12.14-122.216.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.