1224951 – (CVE-2023-52843) VUL-0: CVE-2023-52843: kernel: llc: verify mac len before reading mac header

Bug 1224951 (CVE-2023-52843) - VUL-0: CVE-2023-52843: kernel: llc: verify mac len before reading mac header

Summary: VUL-0: CVE-2023-52843: kernel: llc: verify mac len before reading mac header

Status:	NEW

Alias:	CVE-2023-52843

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/407154/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-52843:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-22 12:17 UTC by SMASH SMASH
Modified:	2024-07-18 16:35 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-22 12:17:44 UTC

In the Linux kernel, the following vulnerability has been resolved:

llc: verify mac len before reading mac header

LLC reads the mac header with eth_hdr without verifying that the skb
has an Ethernet header.

Syzbot was able to enter llc_rcv on a tun device. Tun can insert
packets without mac len and with user configurable skb->protocol
(passing a tun_pi header when not configuring IFF_NO_PI).

BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_rcv+0xc5d/0x14a0 net/llc/llc_input.c:218
__netif_receive_skb_one_core net/core/dev.c:5523 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637
netif_receive_skb_internal net/core/dev.c:5723 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5782
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x54c5/0x69c0 drivers/net/tun.c:2002

Add a mac_len test before all three eth_hdr(skb) calls under net/llc.

There are further uses in include/net/llc_pdu.h. All these are
protected by a test skb->protocol == ETH_P_802_2. Which does not
protect against this tun scenario.

But the mac_len test added in this patch in llc_fixup_skb will
indirectly protect those too. That is called from llc_rcv before any
other LLC code.

It is tempting to just add a blanket mac_len check in llc_rcv, but
not sure whether that could break valid LLC paths that do not assume
an Ethernet header. 802.2 LLC may be used on top of non-802.3
protocols in principle. The below referenced commit shows that used
to, on top of Token Ring.

At least one of the three eth_hdr uses goes back to before the start
of git history. But the one that syzbot exercises is introduced in
this commit. That commit is old enough (2008), that effectively all
stable kernels should receive this.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52843
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52843.mbox
https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535
https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c
https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f
https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779
https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b
https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29
https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a
https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79
https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b
https://www.cve.org/CVERecord?id=CVE-2023-52843

Comment 20 Maintenance Automation 2024-07-09 16:30:47 UTC

SUSE-SU-2024:2372-1: An update that solves 249 vulnerabilities, contains three features and has 45 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1225945, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34676](https://smelt.suse.de/incident/34676/)
Sources used:
Public Cloud Module 15-SP5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1
openSUSE Leap 15.5 (src):
 kernel-source-azure-5.14.21-150500.33.60.1, kernel-syms-azure-5.14.21-150500.33.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Maintenance Automation 2024-07-09 16:32:44 UTC

SUSE-SU-2024:2360-1: An update that solves 148 vulnerabilities and has 15 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1216062, 1217912, 1218148, 1219224, 1221010, 1221647, 1221654, 1221791, 1221958, 1222015, 1222080, 1222364, 1222385, 1222435, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224703, 1224735, 1224739, 1224763, 1224764, 1224765, 1224946, 1224951, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225232, 1225261, 1225306, 1225337, 1225372, 1225463, 1225484, 1225487, 1225490, 1225514, 1225518, 1225548, 1225555, 1225556, 1225559, 1225571, 1225573, 1225577, 1225583, 1225585, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226767, 1226769, 1226857, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226996, 1227101
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47191, CVE-2021-47193, CVE-2021-47267, CVE-2021-47270, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47445, CVE-2021-47518, CVE-2021-47544, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52675, CVE-2023-52737, CVE-2023-52752, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35807, CVE-2024-35822, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36592, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36949, CVE-2024-36950, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780
Maintenance Incident: [SUSE:Maintenance:34677](https://smelt.suse.de/incident/34677/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.191.1, kernel-source-azure-4.12.14-16.191.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Maintenance Automation 2024-07-10 08:30:14 UTC

SUSE-SU-2024:2381-1: An update that solves 143 vulnerabilities and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1191958, 1195065, 1195254, 1195775, 1204514, 1216062, 1217912, 1218148, 1219224, 1221010, 1221647, 1221654, 1221791, 1221958, 1222015, 1222080, 1222364, 1222385, 1222435, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224703, 1224735, 1224739, 1224763, 1224764, 1224765, 1224946, 1224951, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225232, 1225261, 1225306, 1225337, 1225372, 1225463, 1225484, 1225487, 1225490, 1225514, 1225518, 1225548, 1225555, 1225556, 1225559, 1225571, 1225573, 1225577, 1225583, 1225585, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226767, 1226769, 1226857, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226996, 1227101
CVE References: CVE-2021-4439, CVE-2021-47103, CVE-2021-47191, CVE-2021-47193, CVE-2021-47267, CVE-2021-47270, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47445, CVE-2021-47518, CVE-2021-47544, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52675, CVE-2023-52737, CVE-2023-52752, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26894, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35807, CVE-2024-35822, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36592, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36949, CVE-2024-36950, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780
Maintenance Incident: [SUSE:Maintenance:34690](https://smelt.suse.de/incident/34690/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-source-rt-4.12.14-10.191.1, kernel-syms-rt-4.12.14-10.191.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Maintenance Automation 2024-07-10 20:30:20 UTC

SUSE-SU-2024:2394-1: An update that solves 249 vulnerabilities, contains three features and has 44 security fixes can now be installed.

Category: security (important)
Bug References: 1156395, 1190336, 1191958, 1193883, 1194826, 1195065, 1195254, 1195341, 1195349, 1195775, 1196746, 1197915, 1198014, 1199295, 1202767, 1202780, 1205205, 1207361, 1217912, 1218148, 1218570, 1218820, 1219224, 1219633, 1219847, 1220368, 1220812, 1220958, 1221086, 1221282, 1221958, 1222015, 1222072, 1222080, 1222241, 1222254, 1222364, 1222893, 1223013, 1223018, 1223265, 1223384, 1223641, 1224020, 1224331, 1224488, 1224497, 1224498, 1224504, 1224520, 1224539, 1224540, 1224552, 1224583, 1224588, 1224602, 1224603, 1224605, 1224612, 1224614, 1224619, 1224661, 1224662, 1224670, 1224671, 1224674, 1224677, 1224679, 1224696, 1224703, 1224712, 1224716, 1224719, 1224735, 1224749, 1224764, 1224765, 1224766, 1224935, 1224946, 1224951, 1225050, 1225098, 1225105, 1225300, 1225389, 1225391, 1225419, 1225426, 1225448, 1225452, 1225467, 1225475, 1225484, 1225487, 1225514, 1225518, 1225535, 1225585, 1225602, 1225611, 1225681, 1225692, 1225698, 1225699, 1225704, 1225714, 1225726, 1225732, 1225737, 1225749, 1225758, 1225759, 1225760, 1225767, 1225770, 1225823, 1225834, 1225840, 1225866, 1225872, 1225894, 1226022, 1226131, 1226145, 1226149, 1226155, 1226211, 1226212, 1226226, 1226514, 1226520, 1226537, 1226538, 1226539, 1226550, 1226552, 1226553, 1226554, 1226556, 1226557, 1226558, 1226559, 1226561, 1226562, 1226563, 1226564, 1226566, 1226567, 1226569, 1226572, 1226575, 1226576, 1226577, 1226579, 1226580, 1226581, 1226582, 1226583, 1226585, 1226587, 1226588, 1226593, 1226595, 1226597, 1226601, 1226602, 1226603, 1226607, 1226610, 1226614, 1226616, 1226617, 1226618, 1226619, 1226621, 1226622, 1226624, 1226626, 1226628, 1226629, 1226632, 1226633, 1226634, 1226637, 1226643, 1226644, 1226645, 1226647, 1226650, 1226653, 1226657, 1226658, 1226669, 1226670, 1226672, 1226673, 1226674, 1226675, 1226678, 1226679, 1226683, 1226685, 1226686, 1226690, 1226691, 1226692, 1226693, 1226696, 1226697, 1226698, 1226699, 1226701, 1226702, 1226703, 1226704, 1226705, 1226706, 1226708, 1226709, 1226710, 1226711, 1226712, 1226713, 1226715, 1226716, 1226718, 1226719, 1226720, 1226721, 1226730, 1226732, 1226734, 1226735, 1226737, 1226738, 1226739, 1226740, 1226744, 1226746, 1226747, 1226749, 1226754, 1226762, 1226764, 1226767, 1226768, 1226769, 1226771, 1226774, 1226777, 1226780, 1226781, 1226785, 1226786, 1226789, 1226791, 1226839, 1226840, 1226841, 1226842, 1226848, 1226852, 1226857, 1226861, 1226863, 1226864, 1226867, 1226868, 1226876, 1226878, 1226883, 1226886, 1226890, 1226891, 1226895, 1226908, 1226915, 1226928, 1226948, 1226949, 1226950, 1226953, 1226962, 1226976, 1226992, 1226994, 1226996, 1227066, 1227096, 1227101, 1227103, 1227274
CVE References: CVE-2021-4439, CVE-2021-47089, CVE-2021-47432, CVE-2021-47515, CVE-2021-47534, CVE-2021-47538, CVE-2021-47539, CVE-2021-47555, CVE-2021-47566, CVE-2021-47571, CVE-2021-47572, CVE-2021-47576, CVE-2021-47577, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47595, CVE-2021-47596, CVE-2021-47597, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47604, CVE-2021-47605, CVE-2021-47607, CVE-2021-47608, CVE-2021-47609, CVE-2021-47610, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2022-48711, CVE-2022-48712, CVE-2022-48713, CVE-2022-48714, CVE-2022-48715, CVE-2022-48716, CVE-2022-48717, CVE-2022-48718, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48733, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48748, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48753, CVE-2022-48754, CVE-2022-48755, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48766, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48770, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-52622, CVE-2023-52658, CVE-2023-52667, CVE-2023-52670, CVE-2023-52672, CVE-2023-52675, CVE-2023-52735, CVE-2023-52737, CVE-2023-52752, CVE-2023-52766, CVE-2023-52784, CVE-2023-52787, CVE-2023-52800, CVE-2023-52835, CVE-2023-52837, CVE-2023-52843, CVE-2023-52845, CVE-2023-52846, CVE-2023-52869, CVE-2023-52881, CVE-2023-52882, CVE-2023-52884, CVE-2024-26625, CVE-2024-26644, CVE-2024-26720, CVE-2024-26842, CVE-2024-26845, CVE-2024-26923, CVE-2024-26973, CVE-2024-27432, CVE-2024-33619, CVE-2024-35247, CVE-2024-35789, CVE-2024-35790, CVE-2024-35807, CVE-2024-35814, CVE-2024-35835, CVE-2024-35848, CVE-2024-35857, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35869, CVE-2024-35878, CVE-2024-35884, CVE-2024-35886, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35905, CVE-2024-35925, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35997, CVE-2024-36005, CVE-2024-36008, CVE-2024-36017, CVE-2024-36020, CVE-2024-36021, CVE-2024-36025, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36890, CVE-2024-36894, CVE-2024-36899, CVE-2024-36900, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36934, CVE-2024-36937, CVE-2024-36940, CVE-2024-36945, CVE-2024-36949, CVE-2024-36960, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36975, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37354, CVE-2024-38381, CVE-2024-38388, CVE-2024-38390, CVE-2024-38540, CVE-2024-38541, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38553, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38565, CVE-2024-38567, CVE-2024-38568, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38590, CVE-2024-38591, CVE-2024-38594, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38616, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471
Jira References: PED-8491, PED-8570, PED-8690
Maintenance Incident: [SUSE:Maintenance:34699](https://smelt.suse.de/incident/34699/)
Sources used:
openSUSE Leap 15.5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1, kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Micro 5.5 (src):
 kernel-source-rt-5.14.21-150500.13.61.1
SUSE Linux Enterprise Live Patching 15-SP5 (src):
 kernel-livepatch-SLE15-SP5-RT_Update_17-1-150500.11.3.1
SUSE Real Time Module 15-SP5 (src):
 kernel-syms-rt-5.14.21-150500.13.61.1, kernel-source-rt-5.14.21-150500.13.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Davide Benini 2024-07-15 13:41:50 UTC

Fixed in:
SLE12-SP3-TD  d47c11602d9 llc: verify mac len before reading mac header (CVE-2023-52843 bsc#1224951).
SLE15-SP5     ad237fd491f llc: verify mac len before reading mac header (CVE-2023-52843 bsc#1224951).
SLE15-SP6     ea955e6a404 llc: verify mac len before reading mac header (CVE-2023-52843 bsc#1224951).
SLE12-SP5     048fdd18a6d llc: verify mac len before reading mac header (CVE-2023-52843 bsc#1224951).

Assigning back to the security team

Comment 27 Maintenance Automation 2024-07-18 16:31:06 UTC

SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Maintenance Automation 2024-07-18 16:35:40 UTC

SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.