Bug 1224965 (CVE-2021-47275) - VUL-0: CVE-2021-47275: kernel: bcache: avoid oversized read request in cache missing code path
Summary: VUL-0: CVE-2021-47275: kernel: bcache: avoid oversized read request in cache ...
Status: RESOLVED FIXED
Alias: CVE-2021-47275
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/406906/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47275:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 12:32 UTC by SMASH SMASH
Modified: 2024-07-18 16:35 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-22 12:32:47 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bcache: avoid oversized read request in cache missing code path

In the cache missing code path of cached device, if a proper location
from the internal B+ tree is matched for a cache miss range, function
cached_dev_cache_miss() will be called in cache_lookup_fn() in the
following code block,
[code block 1]
  526         unsigned int sectors = KEY_INODE(k) == s->iop.inode
  527                 ? min_t(uint64_t, INT_MAX,
  528                         KEY_START(k) - bio->bi_iter.bi_sector)
  529                 : INT_MAX;
  530         int ret = s->d->cache_miss(b, s, bio, sectors);

Here s->d->cache_miss() is the call backfunction pointer initialized as
cached_dev_cache_miss(), the last parameter 'sectors' is an important
hint to calculate the size of read request to backing device of the
missing cache data.

Current calculation in above code block may generate oversized value of
'sectors', which consequently may trigger 2 different potential kernel
panics by BUG() or BUG_ON() as listed below,

1) BUG_ON() inside bch_btree_insert_key(),
[code block 2]
   886         BUG_ON(b->ops->is_extents && !KEY_SIZE(k));
2) BUG() inside biovec_slab(),
[code block 3]
   51         default:
   52                 BUG();
   53                 return NULL;

All the above panics are original from cached_dev_cache_miss() by the
oversized parameter 'sectors'.

Inside cached_dev_cache_miss(), parameter 'sectors' is used to calculate
the size of data read from backing device for the cache missing. This
size is stored in s->insert_bio_sectors by the following lines of code,
[code block 4]
  909    s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada);

Then the actual key inserting to the internal B+ tree is generated and
stored in s->iop.replace_key by the following lines of code,
[code block 5]
  911   s->iop.replace_key = KEY(s->iop.inode,
  912                    bio->bi_iter.bi_sector + s->insert_bio_sectors,
  913                    s->insert_bio_sectors);
The oversized parameter 'sectors' may trigger panic 1) by BUG_ON() from
the above code block.

And the bio sending to backing device for the missing data is allocated
with hint from s->insert_bio_sectors by the following lines of code,
[code block 6]
  926    cache_bio = bio_alloc_bioset(GFP_NOWAIT,
  927                 DIV_ROUND_UP(s->insert_bio_sectors, PAGE_SECTORS),
  928                 &dc->disk.bio_split);
The oversized parameter 'sectors' may trigger panic 2) by BUG() from the
agove code block.

Now let me explain how the panics happen with the oversized 'sectors'.
In code block 5, replace_key is generated by macro KEY(). From the
definition of macro KEY(),
[code block 7]
  71 #define KEY(inode, offset, size)                                  \
  72 ((struct bkey) {                                                  \
  73      .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode),     \
  74      .low = (offset)                                              \
  75 })

Here 'size' is 16bits width embedded in 64bits member 'high' of struct
bkey. But in code block 1, if "KEY_START(k) - bio->bi_iter.bi_sector" is
very probably to be larger than (1<<16) - 1, which makes the bkey size
calculation in code block 5 is overflowed. In one bug report the value
of parameter 'sectors' is 131072 (= 1 << 17), the overflowed 'sectors'
results the overflowed s->insert_bio_sectors in code block 4, then makes
size field of s->iop.replace_key to be 0 in code block 5. Then the 0-
sized s->iop.replace_key is inserted into the internal B+ tree as cache
missing check key (a special key to detect and avoid a racing between
normal write request and cache missing read request) as,
[code block 8]
  915   ret = bch_btree_insert_check_key(b, &s->op, &s->iop.replace_key);

Then the 0-sized s->iop.replace_key as 3rd parameter triggers the bkey
size check BUG_ON() in code block 2, and causes the kernel panic 1).

Another ke
---truncated---

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47275
https://www.cve.org/CVERecord?id=CVE-2021-47275
https://git.kernel.org/stable/c/41fe8d088e96472f63164e213de44ec77be69478
https://git.kernel.org/stable/c/555002a840ab88468e252b0eedf0b05e2ce7099c
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47275.mbox
Comment 2 Michal Hocko 2024-05-24 16:30:55 UTC 
Is this even a security bug? Can anybody trigger the condition?
Comment 3 Coly Li 2024-05-24 17:05:08 UTC 
(In reply to Michal Hocko from comment #2)
> Is this even a security bug? Can anybody trigger the condition?

This was a serious bug reported by both Votech and our customer.
Indeed commit 1616a4c2ab1a ("bcache: remove bcache device self-defined readahead") should be added too.

Let me add the fixes into SLE12-SP5 and SLE12-SP3-TD.

Thanks.
Comment 9 Maintenance Automation 2024-06-12 20:31:48 UTC 
SUSE-SU-2024:2010-1: An update that solves 186 vulnerabilities and has 27 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185589, 1185902, 1186885, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223626, 1223715, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34219](https://smelt.suse.de/incident/34219/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-source-rt-5.3.18-150300.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2024-06-24 20:31:34 UTC 
SUSE-SU-2024:2183-1: An update that solves 131 vulnerabilities and has 13 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1154353, 1156395, 1174585, 1176869, 1184631, 1185589, 1185902, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1196956, 1200619, 1208813, 1209657, 1210335, 1210629, 1215356, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221829, 1222251, 1222619, 1223084, 1223384, 1223390, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224831, 1224832, 1224834, 1224841, 1224843, 1224846, 1224849, 1224854, 1224859, 1224882, 1224888, 1224889, 1224891, 1224892, 1224893, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224928, 1224953, 1224954, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225084, 1225091, 1225112, 1225113, 1225140, 1225143, 1225164, 1225177, 1225181, 1225192, 1225193, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225232, 1225238, 1225244, 1225251, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225318, 1225321, 1225326, 1225327, 1225328, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225393, 1225400, 1225404, 1225411, 1225427, 1225437, 1225448, 1225453, 1225455, 1225499, 1225500, 1225534
CVE References: CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47236, CVE-2021-47239, CVE-2021-47240, CVE-2021-47246, CVE-2021-47252, CVE-2021-47254, CVE-2021-47255, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47338, CVE-2021-47341, CVE-2021-47344, CVE-2021-47347, CVE-2021-47350, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47388, CVE-2021-47391, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47431, CVE-2021-47434, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47445, CVE-2021-47456, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47505, CVE-2021-47506, CVE-2021-47511, CVE-2021-47516, CVE-2021-47522, CVE-2021-47527, CVE-2021-47538, CVE-2021-47541, CVE-2021-47542, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-20132, CVE-2022-48673, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-424, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34159](https://smelt.suse.de/incident/34159/)
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src):
 kernel-livepatch-SLE15-SP2_Update_49-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 kernel-obs-build-5.3.18-150200.24.194.1, kernel-default-base-5.3.18-150200.24.194.1.150200.9.99.1, kernel-source-5.3.18-150200.24.194.1, kernel-syms-5.3.18-150200.24.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2024-06-24 20:32:14 UTC 
SUSE-SU-2024:2185-1: An update that solves 187 vulnerabilities and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1151927, 1152472, 1154353, 1156395, 1174585, 1176447, 1176774, 1176869, 1178134, 1181147, 1184631, 1185570, 1185589, 1185902, 1186885, 1187357, 1188616, 1188772, 1189883, 1190795, 1191452, 1192107, 1194288, 1194591, 1196956, 1197760, 1198029, 1199304, 1200619, 1203389, 1206646, 1209657, 1210335, 1210629, 1213476, 1215420, 1216702, 1217169, 1220137, 1220144, 1220754, 1220877, 1220960, 1221044, 1221113, 1221829, 1222251, 1222619, 1222838, 1222867, 1223084, 1223138, 1223384, 1223390, 1223512, 1223932, 1223934, 1224099, 1224174, 1224438, 1224482, 1224511, 1224592, 1224816, 1224826, 1224830, 1224831, 1224832, 1224834, 1224841, 1224842, 1224843, 1224844, 1224846, 1224849, 1224852, 1224853, 1224854, 1224859, 1224882, 1224886, 1224888, 1224889, 1224891, 1224892, 1224893, 1224899, 1224904, 1224907, 1224909, 1224916, 1224917, 1224922, 1224923, 1224924, 1224926, 1224928, 1224953, 1224954, 1224955, 1224957, 1224961, 1224963, 1224965, 1224966, 1224968, 1224981, 1224982, 1224983, 1224984, 1224987, 1224990, 1224993, 1224996, 1224997, 1225026, 1225030, 1225058, 1225060, 1225083, 1225084, 1225091, 1225112, 1225113, 1225128, 1225140, 1225143, 1225148, 1225155, 1225164, 1225177, 1225178, 1225181, 1225192, 1225193, 1225198, 1225201, 1225206, 1225207, 1225208, 1225214, 1225223, 1225224, 1225230, 1225232, 1225233, 1225237, 1225238, 1225243, 1225244, 1225247, 1225251, 1225252, 1225256, 1225261, 1225262, 1225263, 1225301, 1225303, 1225316, 1225318, 1225320, 1225321, 1225322, 1225326, 1225327, 1225328, 1225330, 1225333, 1225336, 1225341, 1225346, 1225351, 1225354, 1225355, 1225357, 1225358, 1225360, 1225361, 1225366, 1225367, 1225369, 1225370, 1225372, 1225374, 1225384, 1225386, 1225387, 1225390, 1225393, 1225400, 1225404, 1225405, 1225409, 1225411, 1225424, 1225427, 1225435, 1225437, 1225438, 1225439, 1225446, 1225447, 1225448, 1225450, 1225453, 1225455, 1225468, 1225499, 1225500, 1225508, 1225534
CVE References: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47527, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-424, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914
Maintenance Incident: [SUSE:Maintenance:34168](https://smelt.suse.de/incident/34168/)
Sources used:
openSUSE Leap 15.3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-syms-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1, kernel-source-5.3.18-150300.59.164.1, kernel-obs-qa-5.3.18-150300.59.164.1
SUSE Linux Enterprise Live Patching 15-SP3 (src):
 kernel-livepatch-SLE15-SP3_Update_45-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Enterprise Storage 7.1 (src):
 kernel-obs-build-5.3.18-150300.59.164.1, kernel-source-5.3.18-150300.59.164.1, kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1, kernel-syms-5.3.18-150300.59.164.1
SUSE Linux Enterprise Micro 5.1 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 kernel-default-base-5.3.18-150300.59.164.1.150300.18.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Andrea Mattiazzo 2024-07-03 13:32:17 UTC 
All done, closing.
Comment 17 Maintenance Automation 2024-07-16 08:30:23 UTC 
SUSE-SU-2024:2493-1: An update that solves 28 vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1215420, 1220833, 1221656, 1221659, 1222005, 1222792, 1223021, 1223188, 1224622, 1224627, 1224647, 1224683, 1224686, 1224743, 1224965, 1225229, 1225357, 1225431, 1225478, 1225505, 1225530, 1225532, 1225569, 1225593, 1225835, 1226757, 1226861, 1226994, 1227407, 1227435, 1227487
CVE References: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34763](https://smelt.suse.de/incident/34763/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-syms-rt-4.12.14-10.194.1, kernel-source-rt-4.12.14-10.194.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2024-07-18 16:31:07 UTC 
SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Maintenance Automation 2024-07-18 16:35:40 UTC 
SUSE-SU-2024:2561-1: An update that solves 176 vulnerabilities and has 17 security fixes can now be installed.

Category: security (important)
Bug References: 1119113, 1171988, 1191958, 1195065, 1195254, 1195775, 1204514, 1215420, 1216062, 1217912, 1218148, 1219224, 1220833, 1221010, 1221647, 1221654, 1221656, 1221659, 1221791, 1221958, 1222005, 1222015, 1222080, 1222364, 1222385, 1222435, 1222792, 1222809, 1222866, 1222879, 1222893, 1223013, 1223018, 1223021, 1223043, 1223188, 1223384, 1223532, 1223641, 1224177, 1224432, 1224504, 1224549, 1224552, 1224572, 1224575, 1224583, 1224588, 1224605, 1224622, 1224627, 1224647, 1224651, 1224660, 1224661, 1224662, 1224664, 1224668, 1224670, 1224672, 1224674, 1224677, 1224678, 1224683, 1224686, 1224703, 1224735, 1224739, 1224743, 1224763, 1224764, 1224765, 1224946, 1224951, 1224965, 1224967, 1224976, 1224977, 1224978, 1224993, 1224997, 1225047, 1225140, 1225184, 1225203, 1225229, 1225232, 1225261, 1225306, 1225337, 1225357, 1225372, 1225431, 1225463, 1225478, 1225484, 1225487, 1225490, 1225505, 1225514, 1225518, 1225530, 1225532, 1225548, 1225555, 1225556, 1225559, 1225569, 1225571, 1225573, 1225577, 1225583, 1225585, 1225593, 1225599, 1225602, 1225611, 1225642, 1225681, 1225704, 1225722, 1225749, 1225758, 1225760, 1225761, 1225767, 1225770, 1225815, 1225835, 1225840, 1225848, 1225866, 1225872, 1225894, 1225895, 1225898, 1226211, 1226212, 1226537, 1226554, 1226557, 1226562, 1226567, 1226575, 1226577, 1226593, 1226595, 1226597, 1226610, 1226614, 1226619, 1226621, 1226634, 1226637, 1226670, 1226672, 1226692, 1226698, 1226699, 1226701, 1226705, 1226708, 1226711, 1226712, 1226716, 1226718, 1226732, 1226735, 1226744, 1226746, 1226747, 1226749, 1226754, 1226757, 1226767, 1226769, 1226857, 1226861, 1226876, 1226883, 1226886, 1226895, 1226948, 1226949, 1226950, 1226962, 1226976, 1226994, 1226996, 1227101, 1227407, 1227435, 1227487
CVE References: CVE-2020-10135, CVE-2021-43389, CVE-2021-4439, CVE-2021-47103, CVE-2021-47145, CVE-2021-47191, CVE-2021-47193, CVE-2021-47201, CVE-2021-47267, CVE-2021-47270, CVE-2021-47275, CVE-2021-47293, CVE-2021-47294, CVE-2021-47297, CVE-2021-47309, CVE-2021-47328, CVE-2021-47354, CVE-2021-47372, CVE-2021-47379, CVE-2021-47407, CVE-2021-47418, CVE-2021-47434, CVE-2021-47438, CVE-2021-47445, CVE-2021-47498, CVE-2021-47518, CVE-2021-47520, CVE-2021-47544, CVE-2021-47547, CVE-2021-47566, CVE-2021-47571, CVE-2021-47576, CVE-2021-47587, CVE-2021-47589, CVE-2021-47600, CVE-2021-47602, CVE-2021-47603, CVE-2021-47609, CVE-2021-47617, CVE-2022-0435, CVE-2022-22942, CVE-2022-48711, CVE-2022-48715, CVE-2022-48722, CVE-2022-48732, CVE-2022-48733, CVE-2022-48740, CVE-2022-48743, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48771, CVE-2022-48772, CVE-2023-24023, CVE-2023-4244, CVE-2023-52507, CVE-2023-52622, CVE-2023-52675, CVE-2023-52683, CVE-2023-52693, CVE-2023-52737, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52762, CVE-2023-52764, CVE-2023-52784, CVE-2023-52808, CVE-2023-52809, CVE-2023-5281, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52832, CVE-2023-52834, CVE-2023-52835, CVE-2023-52843, CVE-2023-52845, CVE-2023-52855, CVE-2023-52881, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26641, CVE-2024-26679, CVE-2024-26687, CVE-2024-26720, CVE-2024-26813, CVE-2024-26845, CVE-2024-26863, CVE-2024-26880, CVE-2024-26894, CVE-2024-26923, CVE-2024-26928, CVE-2024-26973, CVE-2024-27399, CVE-2024-27410, CVE-2024-35247, CVE-2024-35805, CVE-2024-35807, CVE-2024-35819, CVE-2024-35822, CVE-2024-35828, CVE-2024-35835, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35867, CVE-2024-35868, CVE-2024-35870, CVE-2024-35886, CVE-2024-35896, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35947, CVE-2024-35950, CVE-2024-35956, CVE-2024-35958, CVE-2024-35960, CVE-2024-35962, CVE-2024-35976, CVE-2024-35979, CVE-2024-35997, CVE-2024-35998, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017, CVE-2024-36025, CVE-2024-36479, CVE-2024-36880, CVE-2024-36894, CVE-2024-36915, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36934, CVE-2024-36938, CVE-2024-36940, CVE-2024-36941, CVE-2024-36949, CVE-2024-36950, CVE-2024-36952, CVE-2024-36960, CVE-2024-36964, CVE-2024-37021, CVE-2024-37354, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38549, CVE-2024-38552, CVE-2024-38553, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38597, CVE-2024-38598, CVE-2024-38601, CVE-2024-38608, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38659, CVE-2024-38661, CVE-2024-38780, CVE-2024-39301, CVE-2024-39475
Maintenance Incident: [SUSE:Maintenance:34719](https://smelt.suse.de/incident/34719/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_58-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.222.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-4.12.14-122.222.1, kernel-source-4.12.14-122.222.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.