Bug 1023051 - (CVE-2016-3695) VUL-1: CVE-2016-3695: kernel-source: Error injection via EINJ is allowed when securelevel is enabled
(CVE-2016-3695)
VUL-1: CVE-2016-3695: kernel-source: Error injection via EINJ is allowed when...
Status: REOPENED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Joey Lee
Security Team bot
https://smash.suse.de/issue/179623/
CVSSv2:SUSE:CVE-2016-3695:1.7:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-02-01 16:16 UTC by Matthias Gerstner
Modified: 2022-12-23 15:01 UTC (History)
12 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
tiwai: needinfo? (jlee)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2017-02-01 16:16:37 UTC
Somebody digged out an older security implication with ACPI error injection.

It was found that EINJ, error injection mechanism, is allowed even if securelevel, a prevention from userspace performing actions that undermine trust in the platform, is enabled. This can have undesirable side-effects, such as causing the platform to mark hardware as needing replacement.

Upstream Patch:

https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1322755
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3695

Acknowledgments:

Linn Crosetto (HP)
Comment 2 Swamp Workflow Management 2017-02-01 23:02:14 UTC
bugbot adjusting priority
Comment 6 Swamp Workflow Management 2017-09-04 19:15:06 UTC
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1
Comment 7 Swamp Workflow Management 2017-09-08 16:10:27 UTC
SUSE-SU-2017:2389-1: An update that solves 21 vulnerabilities and has 92 fixes is now available.

Category: security (important)
Bug References: 1000365,1000380,1012422,1013018,1015452,1023051,1029140,1029850,1030552,1030593,1030814,1032340,1032471,1034026,1034670,1035576,1035721,1035777,1035920,1036056,1036288,1036629,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042615,1042633,1042687,1042832,1042863,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1045154,1045356,1045416,1045479,1045487,1045525,1045538,1045547,1045615,1046107,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049128,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,1055680,784815,792863,799133,909618,919382,928138,938352,943786,948562,962257,971975,972891,986924,990682,995542
CVE References: CVE-2014-9922,CVE-2016-10277,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.7.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.7.1, kernel-default-3.0.101-108.7.1, kernel-ec2-3.0.101-108.7.1, kernel-pae-3.0.101-108.7.1, kernel-ppc64-3.0.101-108.7.1, kernel-source-3.0.101-108.7.1, kernel-syms-3.0.101-108.7.1, kernel-trace-3.0.101-108.7.1, kernel-xen-3.0.101-108.7.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.7.1, kernel-pae-3.0.101-108.7.1, kernel-ppc64-3.0.101-108.7.1, kernel-trace-3.0.101-108.7.1, kernel-xen-3.0.101-108.7.1
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    cluster-network-1.4-2.32.2.14, drbd-kmp-8.4.4-0.27.2.13, gfs2-2-0.24.2.14, ocfs2-1.6-0.28.3.4
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    cluster-network-1.4-2.32.2.14, drbd-8.4.4-0.27.2.1, drbd-kmp-8.4.4-0.27.2.13, gfs2-2-0.24.2.14, ocfs2-1.6-0.28.3.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    drbd-8.4.4-0.27.2.1, kernel-bigmem-3.0.101-108.7.1, kernel-default-3.0.101-108.7.1, kernel-ec2-3.0.101-108.7.1, kernel-pae-3.0.101-108.7.1, kernel-ppc64-3.0.101-108.7.1, kernel-trace-3.0.101-108.7.1, kernel-xen-3.0.101-108.7.1
Comment 8 Swamp Workflow Management 2017-09-19 13:08:50 UTC
SUSE-SU-2017:2525-1: An update that solves 40 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1006919,1012422,1013862,1017143,1020229,1021256,1023051,1024938,1025013,1025235,1026024,1026722,1026914,1027066,1027101,1027178,1027179,1027406,1028415,1028880,1029212,1029850,1030213,1030573,1030575,1030593,1031003,1031052,1031440,1031481,1031579,1031660,1033287,1033336,1034670,1034838,1035576,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039349,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1041431,1042364,1042863,1042892,1044125,1045416,1045487,1046107,1048232,1048275,1049483,1049603,1049882,1050677,1052311,1053148,1053152,1053760,1056588,870618,948562,957988,957990,963655,972891,979681,983212,986924,989896,999245
CVE References: CVE-2016-10200,CVE-2016-5243,CVE-2017-1000112,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-11473,CVE-2017-12762,CVE-2017-14051,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
Comment 9 Marcus Meissner 2017-10-24 09:14:40 UTC
released
Comment 10 Joey Lee 2022-05-28 00:16:45 UTC
For unknown reason, kernel mainline's lockdown patchset doesn't include this patch against CVE-2016-3695. I have sent mail for checking the reason but didn't receive any response:

https://lore.kernel.org/lkml/20180111115915.dejachty3l7fwpmf@dwarf.suse.cz/T/

I reopened this bug and will port patch to new SLE kernels for locking down EINJ.
Comment 11 Hu 2022-05-30 06:27:58 UTC
Thanks Joey for your help!

So the new assessment would be:
Patch missing:
- cve/linux-3.0
- cve/linux-5.3
- SLE15-SP4-GA
- SLE15-SP4
- SLE15-SP3
- stable

(So only cve/linux-4.4 seems to contain the patch)

These branches contain a different patch [0] that does something similar, should be okay imo:
- cve/linux-4.12
- SLE12-SP5

[0] https://lore.kernel.org/linux-security-module/20190325220954.29054-17-matthewgarrett@google.com/
Comment 12 Joey Lee 2022-06-22 03:04:46 UTC
Kernel upstream still didn't give any response:

https://lore.kernel.org/lkml/151024863544.28329.2436580122759221600.stgit@warthog.procyon.org.uk/T/
Comment 15 Joey Lee 2022-06-23 03:25:15 UTC
Thanks for Hu and Borislav's suggestion. I agree this issue is minor and can be avoided by removing the einj.ko module because it's only for debugging.

I set this issue to WONFIX. If upstream merged patch then we can reopen it.
Comment 16 Marcus Meissner 2022-06-23 07:55:33 UTC
I think it  violates secure boot constraints?

if root is able to load the module and can bypass secure boot this is a bug we need to fix to keep secure boot promise.

a solution can be to remove the module from our kernel.
Comment 17 Takashi Iwai 2022-06-23 08:33:45 UTC
Hmm, it's an interesting point.  Strictly speaking, dropping the einj module from the next update kernel or apply the patch to einj wouldn't cover corner cases.
Since we've already shipped the (signed) einj module with the older kernel and it'll keep working with the future kernel thanks to kABI compatibility, an attacker can just use the old module.
Comment 18 Marcus Meissner 2022-06-23 09:50:55 UTC
we rotated the secure boot key just now to handle such cases... 
unfortunately most kernels are already released with the new key, excepting 15-sp4 (and 15-sp3).
Comment 19 Michal Suchanek 2022-06-23 09:58:18 UTC
Given the severity is not high it is probably OK to disable the module until upstream fix is provided.

It is possible to load old module with the bug but that's the case for many other bugs.
Comment 20 Joey Lee 2022-06-23 11:48:32 UTC
OK! I will disable EINJ module in kernel first.
Comment 21 Borislav Petkov 2022-06-23 11:58:24 UTC
No, not disable - put it in the extra package or so.
Comment 22 Takashi Iwai 2022-06-23 12:10:27 UTC
I believe that we need to either patch or completely drop (disable).  Even if we put the module to *-extra, it's still signed with the proper SLE key, hence anyone can use it as long as it's shipped no matter in which package.
Comment 23 Borislav Petkov 2022-06-23 15:13:07 UTC
1. It is a supported module:

$ grep einj supported.conf
drivers/acpi/apei/einj   # APEI (ACPI Platform Error Interface)

2. The injection interface is root-only:

$ ls -al /sys/kernel/debug/apei/einj
total 0
drwxr-xr-x 2 root root 0 Jun 23 17:08 .
drwxr-xr-x 3 root root 0 Jun 23 17:08 ..
-r-------- 1 root root 0 Jun 23 17:08 available_error_type
--w------- 1 root root 0 Jun 23 17:08 error_inject
-rw------- 1 root root 0 Jun 23 17:08 error_type
-rw------- 1 root root 0 Jun 23 17:08 flags
-rw------- 1 root root 0 Jun 23 17:08 notrigger
-rw------- 1 root root 0 Jun 23 17:08 param1
-rw------- 1 root root 0 Jun 23 17:08 param2
-rw------- 1 root root 0 Jun 23 17:08 param3
-rw------- 1 root root 0 Jun 23 17:08 param4
-r-------- 1 root root 0 Jun 23 17:08 vendor
-rw------- 1 root root 0 Jun 23 17:08 vendor_flags

so if the attacker has root, that's the last thing he'll use.

3. Also, if you disable it, you need to run it through jira in order to defeature it and you'd have to explain customers why we're disabling the only usable error injection functionality on modern systems.

So no, you don't want to disable it.
Comment 24 Takashi Iwai 2022-06-23 15:27:56 UTC
Why not take another option, just forward-port the downstream patch (to disable EINJ under secure boot)?

You can disable the module for TW if a downstream patch matters, instead; but for SLE, it looks not too bad in the end, as the code change it self is fairly trivial.
Comment 25 Borislav Petkov 2022-06-23 22:48:09 UTC
Why would you do *anything* *at* *all*?!

As shown, you need to be root to do the injection...

Also, I'm not buying the "justification" of that original HP patch one bit.

"This can have undesirable side-effects, such as causing the platform to mark hardware as needing replacement."

So don't do that then.

Don't log in as root and don't do error injection. You don't want to do that on production machines anyway.
Comment 26 Takashi Iwai 2022-06-24 05:38:31 UTC
(In reply to Borislav Petkov from comment #25)
> Why would you do *anything* *at* *all*?!
> 
> As shown, you need to be root to do the injection...

... and root is not trusted from secure boot POV.  That's why we had to lock down many other features that could be operated only by root, too.
Comment 27 Borislav Petkov 2022-06-24 08:36:58 UTC
If you mean this security lockdown thing where you protect even root from shooting its own foot I still think it's silly. But whatever.
Comment 28 Takashi Iwai 2022-06-24 08:40:44 UTC
Yeah, I fully agree with "silly but...", too :)

I'm not against challenging to dispute this CVE, but my gut feeling is that patching would be an easier path.
Comment 31 Joey Lee 2022-08-10 14:30:16 UTC
The following kernel already have patch:

- cve/linux-3.0
        SLE11-SP3-TD            [OK]
        SLE11-SP4-LTSS          [OK]
- cve/linux-4.12                [OK]

And, I have backported patch to the following kernels and waiting the patch be merged:

- cve/linux-5.3                 
- SLE15-SP4
- stable
Comment 34 Jan Kara 2022-08-25 14:54:48 UTC
Joey, anything new here wrt upstream? Otherwise AFAIU other code streams are handled...
Comment 35 Swamp Workflow Management 2022-09-14 10:26:59 UTC
SUSE-SU-2022:3264-1: An update that solves 15 vulnerabilities, contains one feature and has 61 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137
CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.93.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.93.1, kernel-64kb-5.3.18-150300.59.93.1, kernel-debug-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-docs-5.3.18-150300.59.93.1, kernel-kvmsmall-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-obs-qa-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-livepatch-SLE15-SP3_Update_24-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2022-09-16 13:21:19 UTC
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Swamp Workflow Management 2022-09-16 19:26:01 UTC
SUSE-SU-2022:3293-1: An update that solves 23 vulnerabilities, contains 5 features and has 88 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-18130,SLE-19359,SLE-20183,SLE-23766,SLE-24572
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.21.1, kernel-64kb-5.14.21-150400.24.21.2, kernel-debug-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-docs-5.14.21-150400.24.21.3, kernel-kvmsmall-5.14.21-150400.24.21.2, kernel-obs-build-5.14.21-150400.24.21.2, kernel-obs-qa-5.14.21-150400.24.21.1, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2, kernel-livepatch-SLE15-SP4_Update_3-1-150400.9.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.21.3, kernel-obs-build-5.14.21-150400.24.21.2, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-source-5.14.21-150400.24.21.2, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2022-09-28 10:22:37 UTC
SUSE-SU-2022:3450-1: An update that solves 20 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1023051,1180153,1188944,1191881,1192968,1194272,1194535,1196616,1197158,1199482,1199665,1201726,1201948,1202096,1202097,1202154,1202346,1202347,1202393,1202396,1202564,1202672,1202860,1202895,1202898,1203098,1203107,1203159
CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-1012,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-32250,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-livepatch-SLE15-SP2_Update_30-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Takashi Iwai 2022-10-17 12:52:56 UTC
Do we miss a fix in any branch yet?  Otherwise let's reassign back to security team.
Comment 40 Swamp Workflow Management 2022-10-18 13:22:05 UTC
SUSE-SU-2022:3609-1: An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1196616,1196867,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199255,1199291,1200084,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201442,1201489,1201610,1201645,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202154,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,1203159,1203313,1203389,1203410,1203424,1203552,1203622,1203737,1203769,1203906,1203909,1203933,1203935,1203939,1203987,1203992
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-41218,CVE-2022-41222,CVE-2022-41848,CVE-2022-41849
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2022-10-31 14:25:31 UTC
SUSE-SU-2022:3809-1: An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1152489,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200288,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201489,1201610,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202638,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203117,1203135,1203136,1203137,1203159,1203290,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203802,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3169,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.106.1, kernel-rt_debug-5.3.18-150300.106.1, kernel-source-rt-5.3.18-150300.106.1, kernel-syms-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Takashi Iwai 2022-12-01 13:27:44 UTC
Joey, this bug (CVE-2016-3695) isn't referred in any cve/* branches.
Was a fix really pushed and merged?
Comment 43 Takashi Iwai 2022-12-01 13:39:26 UTC
(In reply to Takashi Iwai from comment #42)
> Joey, this bug (CVE-2016-3695) isn't referred in any cve/* branches.
> Was a fix really pushed and merged?

I found the fix in cve/linux-5.3, but missing in older releases.
Comment 44 Swamp Workflow Management 2022-12-23 15:01:59 UTC
SUSE-SU-2022:4617-1: An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1071995,1152472,1152489,1156395,1164051,1177471,1184350,1185032,1188238,1189297,1189999,1190256,1190497,1190969,1192968,1193629,1194023,1194592,1194869,1194904,1195480,1195917,1196018,1196444,1196616,1196632,1196867,1196869,1197158,1197391,1197659,1197755,1197756,1197757,1197763,1198189,1198410,1198577,1198702,1198971,1199086,1199364,1199515,1199670,1199904,1200015,1200058,1200268,1200288,1200301,1200313,1200431,1200465,1200494,1200544,1200567,1200622,1200644,1200651,1200692,1200788,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201309,1201310,1201361,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201726,1201768,1201865,1201940,1201941,1201948,1201954,1201956,1201958,1202095,1202096,1202097,1202113,1202131,1202154,1202187,1202262,1202265,1202312,1202341,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202623,1202636,1202672,1202681,1202685,1202686,1202700,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202874,1202898,1202914,1202960,1202989,1202992,1202993,1203002,1203008,1203036,1203039,1203041,1203063,1203066,1203067,1203098,1203101,1203107,1203116,1203117,1203138,1203139,1203159,1203183,1203197,1203208,1203229,1203263,1203290,1203338,1203360,1203361,1203389,1203391,1203410,1203435,1203505,1203511,1203514,1203552,1203606,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203802,1203829,1203893,1203902,1203906,1203908,1203922,1203935,1203939,1203960,1203969,1203987,1203992,1203994,1204017,1204051,1204059,1204060,1204092,1204125,1204132,1204142,1204166,1204168,1204170,1204171,1204183,1204228,1204241,1204289,1204290,1204291,1204292,1204353,1204354,1204355,1204402,1204405,1204413,1204414,1204415,1204417,1204424,1204428,1204431,1204432,1204439,1204470,1204479,1204486,1204498,1204533,1204569,1204574,1204575,1204576,1204619,1204624,1204631,1204635,1204636,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204745,1204753,1204780,1204810,1204850,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205257,1205264,1205282,1205313,1205331,1205332,1205427,1205428,1205473,1205496,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,1206391
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-1263,CVE-2022-1882,CVE-2022-20368,CVE-2022-20369,CVE-2022-2153,CVE-2022-2586,CVE-2022-2588,CVE-2022-2602,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-28748,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-3028,CVE-2022-3078,CVE-2022-3114,CVE-2022-3169,CVE-2022-3176,CVE-2022-3202,CVE-2022-32250,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3566,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3635,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3707,CVE-2022-3903,CVE-2022-39188,CVE-2022-39189,CVE-2022-39190,CVE-2022-40476,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-4129,CVE-2022-4139,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1573,PED-1649,PED-1706,PED-1936,PED-2684,PED-387,PED-529,PED-611,PED-634,PED-652,PED-664,PED-676,PED-678,PED-679,PED-682,PED-688,PED-707,PED-720,PED-729,PED-732,PED-755,PED-763,PED-813,PED-817,PED-822,PED-824,PED-825,PED-833,PED-842,PED-846,PED-849,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-18130,SLE-19359,SLE-19924,SLE-20183,SLE-23766,SLE-24572,SLE-24682,SLE-24814,SLE-9246
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_1-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.