1225124 – (CVE-2021-47352) VUL-0: CVE-2021-47352: kernel: virtio-net: Add validation for used length

Bug 1225124 (CVE-2021-47352) - VUL-0: CVE-2021-47352: kernel: virtio-net: Add validation for used length

Summary: VUL-0: CVE-2021-47352: kernel: virtio-net: Add validation for used length

Status:	IN_PROGRESS

Alias:	CVE-2021-47352

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/406990/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-47352:6.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-23 11:30 UTC by SMASH SMASH
Modified:	2024-06-24 20:31 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-23 11:30:28 UTC

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: Add validation for used length

This adds validation for used length (might come
from an untrusted device) to avoid data corruption
or loss.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47352
https://www.cve.org/CVERecord?id=CVE-2021-47352
https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c
https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758
https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292
https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47352.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2282401

Comment 1 Gabriel Krisman Bertazi 2024-05-23 20:46:54 UTC

Hi Fabiano,

Can you take care of this one or reassign according to the security process [1]?

The CVSS score is 6.5.  The patch lacks Fixes tag but looking at SLE12-SP3-TD I think we might still need it there. 

Thanks,

[1] https://wiki.suse.net/index.php?title=SUSE-Labs/kernel/sec


[130:krisman@cartola kernel-source]$ ../scripts/scripts/check-kernel-fix  CVE-2021-47352
ad993a95c508 ("virtio-net: Add validation for used length") merged v5.14-rc1~119^2~410
No Fixes tag. Requires manual review for affected branches.
Security fix for CVE-2021-47352 bsc#1225124 with CVSS 6.5
Experts candidates: jgross@suse.com fabiano.rosas@suse.com dfaggioli@suse.com
..............................
ACTION NEEDED!
SLE12-SP5: MANUAL: might need backport of ad993a95c508417acdeb15244109e009e50d8758 ()
SLE12-SP3-TD: MANUAL: might need backport of ad993a95c508417acdeb15244109e009e50d8758 ()

Comment 2 Fabiano Rosas 2024-05-31 14:09:17 UTC

Hi,

SLE12-SP5 is indeed affected and I'm backporting the fix.

SLE12-SP3-TD is not affected because all code paths either don't do anything critical with 'len' or already have a call to page_to_skb() early enough. That function has a similar check that in the original patch discussion[1] was deemed sufficient to protect against a 'used length' that's too large, that's why the original patch doesn't include receive_big() (because it calls page_to_skb() early).

Note that the original bug case seems to have been related[2] to the use of VDUSE, which is not yet present in the SLE versions in question. Unfortunately, the commit ad993a95c508 ("virtio-net: Add validation for used length") doesn't mention anything about how this bug could be triggered or even what is the path that causes the supposed data corruption, so to be safe I'm assuming it can indeed be triggered via other means (than a device implemented in userspace via VDUSE).

1- https://patches.linaro.org/project/netdev/patch/20210525045838.1137-1-xieyongji@bytedance.com/ (couldn't find a lore link)

2- https://lore.kernel.org/all/20210517090836.533-1-xieyongji@bytedance.com/

Comment 9 Maintenance Automation 2024-06-11 08:30:37 UTC

SUSE-SU-2024:1979-1: An update that solves 180 vulnerabilities and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1220487, 1220854, 1220928, 1221044, 1221081, 1221086, 1221977, 1221994, 1222619, 1222627, 1222667, 1222671, 1222893, 1222894, 1223023, 1223046, 1223048, 1223084, 1223138, 1223207, 1223360, 1223384, 1223633, 1223653, 1223666, 1223671, 1223738, 1223752, 1223834, 1223922, 1223932, 1223948, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-47074, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48686, CVE-2022-48697, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-26625, CVE-2024-26752, CVE-2024-26775, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27059, CVE-2024-27062, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-35984, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34205](https://smelt.suse.de/incident/34205/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-syms-azure-4.12.14-16.188.1, kernel-source-azure-4.12.14-16.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Maintenance Automation 2024-06-11 12:30:48 UTC

SUSE-SU-2024:1983-1: An update that solves 199 vulnerabilities and has 26 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1141539, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1197894, 1203935, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1218917, 1220487, 1220513, 1220854, 1220928, 1221044, 1221081, 1221086, 1221543, 1221545, 1221816, 1221977, 1221994, 1222559, 1222619, 1222627, 1222667, 1222671, 1222793, 1222893, 1222894, 1223023, 1223046, 1223048, 1223084, 1223119, 1223138, 1223207, 1223360, 1223384, 1223432, 1223509, 1223512, 1223539, 1223540, 1223626, 1223627, 1223633, 1223653, 1223666, 1223671, 1223712, 1223715, 1223738, 1223744, 1223752, 1223802, 1223819, 1223834, 1223922, 1223923, 1223931, 1223932, 1223948, 1223969, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224956, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-46955, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48636, CVE-2022-48650, CVE-2022-48672, CVE-2022-48686, CVE-2022-48697, CVE-2022-48702, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52646, CVE-2023-52653, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-0639, CVE-2024-26625, CVE-2024-26739, CVE-2024-26752, CVE-2024-26775, CVE-2024-26791, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26876, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27008, CVE-2024-27054, CVE-2024-27059, CVE-2024-27062, CVE-2024-27388, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-35984, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34218](https://smelt.suse.de/incident/34218/)
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src):
 kernel-syms-rt-4.12.14-10.188.1, kernel-source-rt-4.12.14-10.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Maintenance Automation 2024-06-24 20:31:04 UTC

SUSE-SU-2024:2184-1: An update that solves 198 vulnerabilities and has 28 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1101816, 1141539, 1181674, 1185902, 1187716, 1188616, 1190317, 1190795, 1191452, 1194591, 1197760, 1197894, 1203935, 1206213, 1206646, 1207186, 1209657, 1210335, 1215702, 1216702, 1217169, 1217519, 1218917, 1220487, 1220513, 1220854, 1220928, 1221044, 1221081, 1221086, 1221543, 1221545, 1221816, 1221977, 1221994, 1222559, 1222619, 1222627, 1222667, 1222671, 1222793, 1222893, 1222894, 1223023, 1223046, 1223048, 1223062, 1223084, 1223119, 1223138, 1223207, 1223360, 1223384, 1223432, 1223509, 1223512, 1223539, 1223540, 1223626, 1223627, 1223633, 1223653, 1223666, 1223671, 1223712, 1223715, 1223738, 1223744, 1223752, 1223802, 1223819, 1223834, 1223922, 1223923, 1223931, 1223932, 1223948, 1223969, 1224096, 1224174, 1224181, 1224347, 1224482, 1224511, 1224525, 1224566, 1224580, 1224592, 1224601, 1224607, 1224621, 1224644, 1224645, 1224648, 1224650, 1224663, 1224671, 1224676, 1224680, 1224682, 1224725, 1224728, 1224733, 1224738, 1224747, 1224749, 1224759, 1224803, 1224827, 1224830, 1224831, 1224834, 1224838, 1224841, 1224844, 1224846, 1224847, 1224849, 1224854, 1224859, 1224867, 1224880, 1224882, 1224888, 1224889, 1224892, 1224893, 1224899, 1224904, 1224907, 1224916, 1224917, 1224922, 1224926, 1224930, 1224931, 1224942, 1224954, 1224956, 1224957, 1224959, 1224960, 1224961, 1224963, 1224966, 1224968, 1224981, 1224982, 1224983, 1224987, 1224990, 1224996, 1225008, 1225009, 1225010, 1225022, 1225026, 1225030, 1225054, 1225058, 1225059, 1225060, 1225062, 1225082, 1225084, 1225086, 1225092, 1225096, 1225112, 1225124, 1225128, 1225132, 1225141, 1225143, 1225144, 1225151, 1225153, 1225155, 1225157, 1225164, 1225177, 1225189, 1225192, 1225193, 1225198, 1225201, 1225207, 1225208, 1225222, 1225230, 1225242, 1225244, 1225247, 1225251, 1225252, 1225256, 1225303, 1225318, 1225322, 1225329, 1225330, 1225336, 1225347, 1225351, 1225354, 1225355, 1225360, 1225366, 1225367, 1225384, 1225390, 1225404, 1225409, 1225411, 1225438, 1225453, 1225479, 1225482, 1225506, 1225549, 1225560, 1225572, 1225640, 1225708, 1225764
CVE References: CVE-2021-46933, CVE-2021-46955, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48636, CVE-2022-48650, CVE-2022-48672, CVE-2022-48686, CVE-2022-48697, CVE-2022-48702, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52646, CVE-2023-52653, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-0639, CVE-2024-26625, CVE-2024-26739, CVE-2024-26752, CVE-2024-26775, CVE-2024-26791, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26876, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27008, CVE-2024-27054, CVE-2024-27059, CVE-2024-27062, CVE-2024-27388, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954
Maintenance Incident: [SUSE:Maintenance:34269](https://smelt.suse.de/incident/34269/)
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):
 kgraft-patch-SLE12-SP5_Update_57-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 kernel-obs-build-4.12.14-122.219.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1
SUSE Linux Enterprise Server 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 kernel-source-4.12.14-122.219.1, kernel-syms-4.12.14-122.219.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.