Bug 1176069 - (CVE-2020-14386) VUL-0: CVE-2020-14386: kernel-source: local privilege escalation via memory corruption in net/packet/af_packet.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/266581
CVSSv3.1:SUSE:CVE-2020-14386:8.4:(AV:...
Blocks: 1176072
Reported: 2020-09-02 12:25 UTC by Wolfgang Frisch
Modified: 2022-07-21 18:59 UTC
Comment 5 Wolfgang Frisch 2020-09-02 14:53:38 UTC
The bug was introduced with
commit 8913336a7e8d56e984109a3137d6c0e3362596a4
Author: Patrick McHardy <kaber@trash.net>
Date:   Fri Jul 18 18:05:19 2008 -0700

    packet: add PACKET_RESERVE sockopt

    Add new sockopt to reserve some headroom in the mmaped ring frames in
    front of the packet payload. This can be used f.i. when the VLAN header
    needs to be (re)constructed to avoid moving the entire payload.

All supported kernels are likely affected.
Comment 6 Michal Kubeček 2020-09-02 15:07:33 UTC
(In reply to Wolfgang Frisch from comment #5)
> All supported kernels are likely affected.

Unprivileged user namespaces are only supported in our kernels based on 3.12
and newer. Without them, the bug can be only exploited by root.
Comment 7 Wolfgang Frisch 2020-09-02 15:57:33 UTC
(In reply to Michal Kubeček from comment #6)
> (In reply to Wolfgang Frisch from comment #5)
> > All supported kernels are likely affected.
> 
> Unprivileged user namespaces are only supported in our kernels based on 3.12
> and newer. Without them, the bug can be only exploited by root.

Thanks for the analysis. I adjusted our tracking accordingly.
Comment 11 Wolfgang Frisch 2020-09-03 17:44:50 UTC
via oss-security:

Hi,
This is an announcement of CVE-2020-14386.

I also reported the issue to netdev@...r.kernel.org and I'm waiting for
approval of my proposed patch.

The report is as follows: (a proposed patch and a reproducer are attached)

I discovered a bug which leads to a memory corruption in
(net/packet/af_packet.c). It can be exploited to gain root privileges
from unprivileged processes.

To create AF_PACKET sockets you need CAP_NET_RAW in your network
namespace, which can be acquired by unprivileged processes on systems
where unprivileged namespaces are enabled (Ubuntu, Fedora, etc).

I discovered the vulnerability while auditing the 5.7 kernel sources.

The bug occurs in tpacket_rcv function, when calculating the netoff
variable (unsigned short), po->tp_reserve (unsigned int) is added to
it which can overflow netoff so it gets a small value.

macoff is calculated using: "macoff = netoff - maclen", we can control
macoff so it will receive a small value (specifically, smaller than
sizeof(struct virtio_net_hdr)).

Later, when running the following code:
...
if (do_vnet &&
   virtio_net_hdr_from_skb(skb, h.raw + macoff -
sizeof(struct virtio_net_hdr),
...

If do_vnet is set, and because macoff < sizeof(struct virtio_net_hdr)
a pointer to a memory area before the h.raw buffer will be sent to
virtio_net_hdr_from_skb. This can lead to an out-of-bounds write of
1-10 bytes, controlled by the user.

The h.raw buffer is allocated in alloc_pg_vec and its size is
controlled by the user.

The stack trace is as follows at the time of the crash: (Linux v5.7)

#0  memset_erms () at arch/x86/lib/memset_64.S:66
#1  0xffffffff831934a6 in virtio_net_hdr_from_skb
(little_endian=<optimized out>, has_data_valid=<optimized out>,
    vlan_hlen=<optimized out>, hdr=<optimized out>, skb=<optimized
out>) at ./include/linux/virtio_net.h:134
#2  tpacket_rcv (skb=0xffff8881ef539940, dev=0xffff8881de534000,
pt=<optimized out>, orig_dev=<optimized out>)
        at net/packet/af_packet.c:2287
#3  0xffffffff82c52e47 in dev_queue_xmit_nit (skb=0xffff8881ef5391c0,
dev=<optimized out>) at net/core/dev.c:2276
#4  0xffffffff82c5e3d4 in xmit_one (more=<optimized out>,
txq=<optimized out>, dev=<optimized out>,
            skb=<optimized out>) at net/core/dev.c:3473
#5  dev_hard_start_xmit (first=0xffffc900001c0ff6, dev=0x0
<fixed_percpu_data>, txq=0xa <fixed_percpu_data+10>,
    ret=<optimized out>) at net/core/dev.c:3493
#6  0xffffffff82c5fc7e in __dev_queue_xmit (skb=0xffff8881ef5391c0,
sb_dev=<optimized out>) at net/core/dev.c:4052
#7  0xffffffff831982d3 in packet_snd (len=65536, msg=<optimized out>,
sock=<optimized out>) at net/packet/af_packet.c:2979
#8  packet_sendmsg (sock=<optimized out>, msg=<optimized out>,
len=65536) at net/packet/af_packet.c:3004
#9  0xffffffff82be09ed in sock_sendmsg_nosec (msg=<optimized out>,
sock=<optimized out>) at net/socket.c:652
#10 sock_sendmsg (sock=0xffff8881e8ff56c0, msg=0xffff8881de56fd88) at
net/socket.c:672

Files attached:
A proposed patch - 0001-net-packet-fix-overflow-in-tpacket_rcv.patch
A reproducer for the bug - trigger_bug.c

We are currently working on an exploit for getting root privileges
from unprivileged context using this bug.
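
The offset arithmetic described in the report above, as a user-space model added here (it is not code from the kernel, the proposed patch or the reproducer). It puts the 16-bit calculation next to a widened, range-checked one; `hdr_space`, the function names, the 10-byte virtio header size and all sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: sizeof(struct virtio_net_hdr) is 10 bytes, matching the
 * "1-10 bytes" write size given in the report. */
#define VNET_HDR_LEN 10u

enum verdict { ACCEPT = 0, DROP_RANGE, DROP_UNDERFLOW };

struct offsets {
    enum verdict verdict;
    unsigned int netoff;   /* offset of the network header inside the frame */
    unsigned int macoff;   /* offset of the link-layer header */
    long vnet_off;         /* start of the virtio header relative to h.raw;
                              negative means before the buffer */
};

/* Model of the calculation as the report describes it: netoff and macoff
 * are unsigned short, tp_reserve is unsigned int. hdr_space stands in for
 * the aligned tpacket header space (hypothetical parameter). */
static struct offsets offsets_u16(unsigned int hdr_space, unsigned int maclen,
                                  unsigned int tp_reserve, int do_vnet)
{
    struct offsets r = { ACCEPT, 0, 0, 0 };
    unsigned short netoff, macoff;

    netoff = (unsigned short)(hdr_space + tp_reserve); /* high bits are lost */
    if (do_vnet)
        netoff = (unsigned short)(netoff + VNET_HDR_LEN);
    macoff = (unsigned short)(netoff - maclen);

    r.netoff = netoff;
    r.macoff = macoff;
    r.vnet_off = (long)macoff - (do_vnet ? (long)VNET_HDR_LEN : 0L);
    return r;
}

/* Hardened model: do the sum in 64 bits so it cannot wrap, refuse anything
 * a 16-bit offset cannot represent, and refuse a layout in which the virtio
 * header would start before the frame. */
static struct offsets offsets_checked(unsigned int hdr_space, unsigned int maclen,
                                      unsigned int tp_reserve, int do_vnet)
{
    struct offsets r = { ACCEPT, 0, 0, 0 };
    unsigned int vnet = do_vnet ? VNET_HDR_LEN : 0u;
    uint64_t netoff = (uint64_t)hdr_space + tp_reserve + vnet;
    uint64_t lowest = (uint64_t)maclen + vnet;  /* smallest netoff that keeps
                                                   macoff - vnet >= 0 */

    if (netoff > USHRT_MAX) {
        r.verdict = DROP_RANGE;
        return r;
    }
    if (netoff < lowest) {
        r.verdict = DROP_UNDERFLOW;
        return r;
    }
    r.netoff = (unsigned int)netoff;
    r.macoff = (unsigned int)(netoff - maclen);
    r.vnet_off = (long)r.macoff - (long)vnet;
    return r;
}

int main(void)
{
    /* Constructed sample inputs: hdr_space = 48, maclen = 14, do_vnet = 1. */
    const unsigned int reserves[] = { 0u, 65477u, 65496u, UINT_MAX - 10u };
    size_t i;

    for (i = 0; i < sizeof(reserves) / sizeof(reserves[0]); i++) {
        struct offsets a = offsets_u16(48u, 14u, reserves[i], 1);
        struct offsets b = offsets_checked(48u, 14u, reserves[i], 1);

        printf("tp_reserve=%u: u16 macoff=%u vnet_off=%ld | checked verdict=%d",
               reserves[i], a.macoff, a.vnet_off, (int)b.verdict);
        if (b.verdict == ACCEPT)
            printf(" macoff=%u vnet_off=%ld", b.macoff, b.vnet_off);
        printf("\n");
    }
    return 0;
}
```

In the model, a reserve value that pushes the sum past 65535 yields a negative `vnet_off` in the 16-bit variant and a `DROP_RANGE` verdict in the checked one.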
Comment 12 Michal Kubeček 2020-09-04 06:17:53 UTC
The upstream submission (the original e-mail by the author had the patch in an
attachment):

http://patchwork.ozlabs.org/project/netdev/patch/20200904040528.3635711-1-edumazet@google.com/

As far as I can say, the patch will fix the issue with u16 overflow but it would
take more thorough analysis to make 100% sure if some problem cannot happen with
netoff just below 65536. It would probably make sense to enforce a reasonable
limit on PACKET_RESERVE socket option value.

Note 1: the "local privilege escalation" claim is a bit unclear: while there is
"It can be exploited to gain root privileges from unprivileged processes." in
both announcements, the later one ends with "We are currently working on an exploit
for getting root privileges"

Note 2: to work on default SLE15-SP2 installation without net-tools-deprecated
package, the proof of concept code needs to be modified by replacing
"/sbin/ifup lo up" with "/sbin/ip link set lo up".
Comment 14 OBSbugzilla Bot 2020-09-04 07:03:25 UTC
This is an autogenerated message for OBS integration:
This bug (1176069) was mentioned in
https://build.opensuse.org/request/show/832013 15.2 / kernel-source
Comment 15 Marcus Meissner 2020-09-04 09:45:55 UTC
from oss-sec solar designer:

...

In the proposed patch you have:

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")

That commit was in July 2008.

While this is technically correct, it can be misleading, so I am posting
the below clarification/excerpt from the discussion on linux-distros:

> On Wed, Sep 2, 2020 at 4:47 PM Eric Dumazet <edumazet@google.com> wrote:
> > At the time of commit 8913336a7e8d  virtio_net was not there yet.

On Wed, Sep 02, 2020 at 05:14:03PM +0300, Or Cohen wrote:
> This is the commit that introduced the feature and the arithmetic
> overflow exists there, which is the root cause of the bug.
> However, you are correct that it is probably not possible to trigger
> the memory corruption because virtio_net is not there.

I just looked into it some further, and it appears the bug was exposed
to the known way to trigger it with 58d19b19cd99 ("packet: vnet_hdr
support for tpacket_rcv") in February 2016, which first got into 4.6-rc1.
Comment 16 Michal Kubeček 2020-09-04 10:34:07 UTC
(In reply to Marcus Meissner from comment #15)
> In the proposed patch you have:
> 
> Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
> 
> That commit was in July 2008.
> 
> While this is technically correct, it can be misleading, so I am posting
> the below clarification/excerpt from the discussion on linux-distros:
> 
> > On Wed, Sep 2, 2020 at 4:47 PM Eric Dumazet <edumazet@google.com> wrote:
> > > At the time of commit 8913336a7e8d  virtio_net was not there yet.
> 
> On Wed, Sep 02, 2020 at 05:14:03PM +0300, Or Cohen wrote:
> > This is the commit that introduced the feature and the arithmetic
> > overflow exists there, which is the root cause of the bug.
> > However, you are correct that it is probably not possible to trigger
> > the memory corruption because virtio_net is not there.
> 
> I just looked into it some further, and it appears the bug was exposed
> to the known way to trigger it with 58d19b19cd99 ("packet: vnet_hdr
> support for tpacket_rcv") in February 2016, which first got into 4.6-rc1.

On the other hand, even before that, one could still use the u16 overflow
via the PACKET_RESERVE socket option to make netoff and macoff smaller than the
space used for tpacket metadata. I don't see an immediate way to enforce
a buffer overflow but it would certainly be possible to make macoff = 0
so that tpacket*_hdr would overlap with packet data. We are a bit lucky
that packet contents are copied there before tpacket*_hdr is constructed
but with a sufficiently small snaplen (which is easy to do), we might
allocate too short a frame so that just filling the tpacket header might write
past it.
Comment 17 Marcus Meissner 2020-09-04 10:45:06 UTC
That's why I would like to be on the safe side and fix it with online updates right now.

I think we can skip the 3.0 based 11-sp4 ltss currently (but should put it in the next update for it).
Comment 19 Michal Kubeček 2020-09-04 14:53:17 UTC
SLE15-SP2 update has been submitted.

Created

  users/mkubecek/cve/linux-4.12/for-next
  users/mkubecek/cve/linux-3.12/for-next

The 4.4 based branches were handled by Oscar Salvador based on off-bugzilla
discussions.

The patch applies cleanly anywhere down to 3.12 but branches based on 4.12
and older need to change the stats update from

                atomic_inc(&po->tp_drops);

to

                po->stats.stats1.tp_drops++;
Comment 20 Michal Kubeček 2020-09-04 16:07:33 UTC
Submitted the fix to

  master
  stable
  SLE15-SP2
  cve/linux-4.12
  cve/linux-4.4
  cve/linux-3.12

but let's keep the bug open until things settle down and the fix reaches at
least the net tree.
Comment 22 OBSbugzilla Bot 2020-09-04 22:00:36 UTC
This is an autogenerated message for OBS integration:
This bug (1176069) was mentioned in
https://build.opensuse.org/request/show/832390 15.1 / kernel-source
Comment 26 Michal Kubeček 2020-09-07 07:32:56 UTC
The fix is in mainline now as commit acf69c946233 ("net/packet: fix overflow
in tpacket_rcv") and is present in 5.9-rc4.
Comment 29 Swamp Workflow Management 2020-09-07 22:14:15 UTC
openSUSE-SU-2020:1379-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1058115,1112178,1136666,1171558,1173060,1175691,1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.67.2, kernel-default-4.12.14-lp151.28.67.2, kernel-docs-4.12.14-lp151.28.67.3, kernel-kvmsmall-4.12.14-lp151.28.67.2, kernel-obs-build-4.12.14-lp151.28.67.2, kernel-obs-qa-4.12.14-lp151.28.67.2, kernel-source-4.12.14-lp151.28.67.1, kernel-syms-4.12.14-lp151.28.67.1, kernel-vanilla-4.12.14-lp151.28.67.2
Comment 30 Swamp Workflow Management 2020-09-08 13:22:13 UTC
openSUSE-SU-2020:1382-1: An update that solves two vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1085030,1133021,1154492,1156395,1159058,1160634,1169790,1171634,1171688,1172108,1172418,1172871,1173485,1173798,1174003,1174026,1174387,1174699,1174771,1174777,1174800,1175128,1175199,1175232,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14386
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.41.1, kernel-default-5.3.18-lp152.41.1, kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2, kernel-docs-5.3.18-lp152.41.1, kernel-kvmsmall-5.3.18-lp152.41.1, kernel-obs-build-5.3.18-lp152.41.1, kernel-obs-qa-5.3.18-lp152.41.1, kernel-preempt-5.3.18-lp152.41.1, kernel-source-5.3.18-lp152.41.1, kernel-syms-5.3.18-lp152.41.1
Comment 31 Swamp Workflow Management 2020-09-08 19:28:44 UTC
SUSE-SU-2020:2574-1: An update that solves 7 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kgraft-patch-SLE12-SP5_Update_9-1-8.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2020-09-08 19:43:19 UTC
SUSE-SU-2020:2574-1: An update that solves 7 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.37.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.37.1, kernel-obs-build-4.12.14-122.37.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kernel-source-4.12.14-122.37.1, kernel-syms-4.12.14-122.37.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kgraft-patch-SLE12-SP5_Update_9-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.37.1

Comment 34 Swamp Workflow Management 2020-09-09 10:38:35 UTC
SUSE-SU-2020:2575-1: An update that solves 8 vulnerabilities and has 121 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.56.1, kernel-obs-build-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-syms-4.12.14-197.56.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-zfcpdump-4.12.14-197.56.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.56.1

Comment 35 Swamp Workflow Management 2020-09-09 10:40:47 UTC
SUSE-SU-2020:2576-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1152107,1173798,1174205,1174757,1175691,1176069
CVE References: CVE-2019-16746,CVE-2020-14314,CVE-2020-14331,CVE-2020-14386,CVE-2020-16166
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.141.1, kernel-source-4.4.121-92.141.1, kernel-syms-4.4.121-92.141.1, kgraft-patch-SLE12-SP2_Update_37-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.141.1, kernel-source-4.4.121-92.141.1, kernel-syms-4.4.121-92.141.1, kgraft-patch-SLE12-SP2_Update_37-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.141.1, kernel-source-4.4.121-92.141.1, kernel-syms-4.4.121-92.141.1, kgraft-patch-SLE12-SP2_Update_37-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.141.1, kernel-source-4.4.121-92.141.1, kernel-syms-4.4.121-92.141.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.141.1

Comment 36 Swamp Workflow Management 2020-09-09 10:43:14 UTC
SUSE-SU-2020:2579-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1058115,1112178,1136666,1171558,1173060,1175691,1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.44.1, kernel-source-azure-4.12.14-8.44.1, kernel-syms-azure-4.12.14-8.44.1

Comment 37 Swamp Workflow Management 2020-09-09 10:44:15 UTC
SUSE-SU-2020:2577-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.15.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.15.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.15.2, kernel-obs-build-5.3.18-24.15.1, kernel-preempt-5.3.18-24.15.1, kernel-source-5.3.18-24.15.1, kernel-syms-5.3.18-24.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.15.1, kernel-preempt-5.3.18-24.15.1, kernel-source-5.3.18-24.15.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.15.1

Comment 38 Swamp Workflow Management 2020-09-09 10:51:56 UTC
SUSE-SU-2020:2580-1: An update that solves one vulnerability and has 30 fixes is now available.

Category: security (important)
Bug References: 1065600,1136666,1152148,1155798,1156395,1170232,1171000,1171073,1171558,1172419,1172873,1173060,1173267,1174029,1174110,1174111,1174484,1174486,1175263,1175667,1175787,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176022,1176063,1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.18.1, kernel-source-azure-5.3.18-18.18.1, kernel-syms-azure-5.3.18-18.18.1

Comment 39 Swamp Workflow Management 2020-09-09 11:21:57 UTC
SUSE-SU-2020:2575-1: An update that solves 8 vulnerabilities and has 121 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-livepatch-SLE15-SP1_Update_15-1-3.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.56.1, kernel-obs-build-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-syms-4.12.14-197.56.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-zfcpdump-4.12.14-197.56.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.56.1

Comment 40 Swamp Workflow Management 2020-09-09 11:24:13 UTC
SUSE-SU-2020:2578-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1058115,1112178,1136666,1171558,1173060,1175691,1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.28.1, kernel-source-azure-4.12.14-16.28.1, kernel-syms-azure-4.12.14-16.28.1

Comment 41 Swamp Workflow Management 2020-09-09 11:26:10 UTC
SUSE-SU-2020:2577-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1176069
CVE References: CVE-2020-14386
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.15.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.15.1, kernel-livepatch-SLE15-SP2_Update_3-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.15.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.15.2, kernel-obs-build-5.3.18-24.15.1, kernel-preempt-5.3.18-24.15.1, kernel-source-5.3.18-24.15.1, kernel-syms-5.3.18-24.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.15.1, kernel-preempt-5.3.18-24.15.1, kernel-source-5.3.18-24.15.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.15.1

Comment 42 Swamp Workflow Management 2020-09-09 19:16:24 UTC
SUSE-SU-2020:2582-1: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1152107,1173798,1174205,1174757,1174771,1175112,1175127,1175228,1175691,1176069
CVE References: CVE-2019-16746,CVE-2020-14314,CVE-2020-14331,CVE-2020-14386,CVE-2020-16166
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.130.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.130.1, kernel-source-4.4.180-94.130.1, kernel-syms-4.4.180-94.130.1, kgraft-patch-SLE12-SP3_Update_35-1-4.3.1

Comment 43 Swamp Workflow Management 2020-09-11 13:16:43 UTC
SUSE-SU-2020:2610-1: An update that solves 8 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1154366,1165629,1165631,1171988,1172428,1173798,1174205,1174757,1175112,1175122,1175128,1175204,1175213,1175515,1175518,1175691,1175992,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1, kernel-zfcpdump-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.58.1

Comment 44 Swamp Workflow Management 2020-09-11 13:23:36 UTC
SUSE-SU-2020:2610-1: An update that solves 8 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1154366,1165629,1165631,1171988,1172428,1173798,1174205,1174757,1175112,1175122,1175128,1175204,1175213,1175515,1175518,1175691,1175992,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1, kernel-zfcpdump-4.12.14-150.58.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.58.1, kernel-livepatch-SLE15_Update_20-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.58.1

Comment 45 Swamp Workflow Management 2020-09-14 16:17:05 UTC
SUSE-SU-2020:2623-1: An update that solves 8 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1144333,1154366,1165629,1171988,1172428,1172963,1173798,1173954,1174205,1174689,1174699,1174757,1174784,1174978,1175112,1175127,1175213,1175228,1175515,1175518,1175691,1175749,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.60.1, kgraft-patch-SLE12-SP4_Update_16-1-6.3.1

Comment 46 Swamp Workflow Management 2020-09-14 16:20:17 UTC
SUSE-SU-2020:2623-1: An update that solves 8 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1144333,1154366,1165629,1171988,1172428,1172963,1173798,1173954,1174205,1174689,1174699,1174757,1174784,1174978,1175112,1175127,1175213,1175228,1175515,1175518,1175691,1175749,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.60.1, kernel-source-4.12.14-95.60.1, kernel-syms-4.12.14-95.60.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.60.1, kernel-source-4.12.14-95.60.1, kernel-syms-4.12.14-95.60.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.60.1, kernel-source-4.12.14-95.60.1, kernel-syms-4.12.14-95.60.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.60.1, kernel-source-4.12.14-95.60.1, kernel-syms-4.12.14-95.60.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.60.1, kgraft-patch-SLE12-SP4_Update_16-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.60.1

Comment 50 Richard Palethorpe 2020-09-30 15:10:52 UTC
Regression test accepted into LTP and failing on SLE15-SP3 48.1:
https://openqa.suse.de/tests/4755804#step/cve-2020-14386/6
Comment 52 Swamp Workflow Management 2020-10-11 19:17:08 UTC
openSUSE-SU-2020:1655-1: An update that solves 12 vulnerabilities and has 59 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,962356
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.71.2, kernel-default-4.12.14-lp151.28.71.2, kernel-docs-4.12.14-lp151.28.71.1, kernel-kvmsmall-4.12.14-lp151.28.71.2, kernel-obs-build-4.12.14-lp151.28.71.2, kernel-obs-qa-4.12.14-lp151.28.71.2, kernel-source-4.12.14-lp151.28.71.1, kernel-syms-4.12.14-lp151.28.71.1, kernel-vanilla-4.12.14-lp151.28.71.2
Comment 54 Swamp Workflow Management 2020-10-22 13:21:30 UTC
SUSE-SU-2020:2999-1: An update that solves 15 vulnerabilities and has 84 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1112178,1113956,1136666,1152148,1154366,1163524,1165629,1166965,1167527,1168468,1169790,1169972,1170232,1171558,1171675,1171688,1171742,1172073,1172538,1172873,1173060,1173115,1174003,1174354,1174899,1175228,1175515,1175520,1175528,1175667,1175691,1175716,1175749,1175873,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176946,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,1177340,1177511,802154
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-1749,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.19.1, kernel-rt_debug-4.12.14-10.19.1, kernel-source-rt-4.12.14-10.19.1, kernel-syms-rt-4.12.14-10.19.1

Comment 55 Swamp Workflow Management 2020-10-23 13:19:30 UTC
SUSE-SU-2020:3014-1: An update that solves 14 vulnerabilities and has 78 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1112178,1113956,1136666,1140683,1152148,1154366,1163524,1165629,1166965,1167527,1169972,1170232,1171558,1171688,1171742,1172073,1172538,1172873,1173060,1173115,1174748,1174899,1175228,1175520,1175667,1175691,1175749,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176400,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176946,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,1177340,1177511
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-1749,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.36.1, kernel-rt_debug-4.12.14-14.36.1, kernel-source-rt-4.12.14-14.36.1, kernel-syms-rt-4.12.14-14.36.1

Comment 58 Swamp Workflow Management 2020-11-24 17:23:53 UTC
SUSE-SU-2020:3503-1: An update that solves 21 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1065600,1083244,1121826,1121872,1157298,1160917,1170415,1175228,1175306,1175721,1175749,1176011,1176069,1176235,1176253,1176278,1176381,1176382,1176423,1176482,1176721,1176722,1176725,1176816,1176896,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177511,1177513,1177725,1177766,1177816,1178123,1178622,1178782
CVE References: CVE-2017-18204,CVE-2019-19063,CVE-2019-6133,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25705,CVE-2020-26088,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.135.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.135.1, kernel-source-4.4.180-94.135.1, kernel-syms-4.4.180-94.135.1, kgraft-patch-SLE12-SP3_Update_36-1-4.5.1

Comment 59 Wolfgang Frisch 2020-12-09 17:08:48 UTC
Released.
Comment 61 Swamp Workflow Management 2021-02-05 21:18:28 UTC
openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1