Bug 1201429 - (CVE-2020-36557) VUL-0: CVE-2020-36557: kernel use after free due to race condition in ioctl(VT_DISALLOCATE)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/337949/
CVSSv3.1:SUSE:CVE-2020-36557:7.8:(AV:...
Blocks: 1201742
Reported: 2022-07-12 15:55 UTC by Martin Doucha
Modified: 2022-11-04 13:22 UTC (History)
Found By: openQA
Description Martin Doucha 2022-07-12 15:55:30 UTC
New LTP test pty06 has found that SLE-12SP3 LTSS kernel is vulnerable to a race condition between open()/close() and ioctl(VT_DISALLOCATE) which can result in use after free and kernel crash. Other SLE releases do not appear to be affected. This issue is different from bug 1199785.

Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220

https://openqa.suse.de/tests/9113106#step/pty06/9
dmesg output: https://openqa.suse.de/tests/9113106/logfile?filename=serial0.txt


Kernel backtrace:
[  329.002817] BUG: unable to handle kernel paging request at 000000100000002c
[  329.015953] IP: [<ffffffff81347399>] kobject_put+0x9/0x50
[  329.017315] PGD 800000006b360067 PUD 0 
[  329.018539] Oops: 0000 [#1] SMP 
[  329.019550] Modules linked in: n_gsm pps_ldisc pps_core slcan ppp_synctty n_hdlc ppp_async ppp_generic crc_ccitt slip slhc serport af_packet iscsi_ibft iscsi_boot_sysfs xfs libcrc32c hid_generic usbhid snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep ppdev snd_pcm joydev pcspkr snd_timer virtio_net snd soundcore i2c_piix4 parport_pc parport processor button nfsd auth_rpcgss nfs_acl lockd grace sunrpc sr_mod cdrom btrfs ata_generic xor raid6_pq bochs_drm virtio_blk virtio_scsi virtio_console virtio_rng drm_kms_helper syscopyarea sysfillrect ata_piix sysimgblt fb_sys_fops ttm xhci_pci xhci_hcd ahci libahci usbcore drm serio_raw floppy usb_common libata virtio_pci virtio_ring virtio sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4
[  329.037087] Supported: Yes
[  329.038185] CPU: 0 PID: 23025 Comm: kworker/0:0 Not tainted 4.4.180-94.167-default #1
[  329.040088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
[  329.042729] Workqueue: events release_one_tty
[  329.044127] task: ffff88007b10d080 ti: ffff8800614c0000 task.ti: ffff8800614c0000
[  329.046029] RIP: 0010:[<ffffffff81347399>]  [<ffffffff81347399>] kobject_put+0x9/0x50
[  329.048018] RSP: 0018:ffff8800614c3e20  EFLAGS: 00010206
[  329.049786] RAX: ffff88006988aa90 RBX: 0000000ffffffff0 RCX: ffff88006988aa90
[  329.051644] RDX: ffff88006988aa90 RSI: ffff88006988aa60 RDI: 0000000ffffffff0
[  329.053521] RBP: ffff880036dbd940 R08: ffff8800614c0000 R09: ffff88007fc19d80
[  329.055402] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88007fc19d80
[  329.057435] R13: ffffe8ffffc01800 R14: 0000000000000000 R15: 0000000000000000
[  329.059329] FS:  0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[  329.061363] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  329.063026] CR2: 000000100000002c CR3: 000000007097e000 CR4: 0000000000000670
[  329.064927] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  329.066823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  329.068748] Stack:
[  329.069830]  ffff88006988a800 ffffffff81434f07 ffff88006988aa60 ffffffff810a1284
[  329.071881]  000000007b10d080 ffff88007fc19d80 ffff88007fc19d98 ffff880036dbd970
[  329.074179]  ffff88007b10d080 ffff88007b10d080 ffff880036dbd940 ffffffff810a1ea6
[  329.076257] Call Trace:
[  329.077479]  [<ffffffff81434f07>] free_tty_struct+0x17/0x40
[  329.079185]  [<ffffffff810a1284>] process_one_work+0x154/0x420
[  329.080949]  [<ffffffff810a1ea6>] worker_thread+0x116/0x4a0
[  329.082662]  [<ffffffff810a7659>] kthread+0xc9/0xe0
[  329.084263]  [<ffffffff8164e5c5>] ret_from_fork+0x55/0x80
[  329.087639] DWARF2 unwinder stuck at ret_from_fork+0x55/0x80
[  329.089429] 
[  329.090493] Leftover inexact backtrace:
[  329.090493] 
[  329.092976]  [<ffffffff810a7590>] ? kthread_park+0x60/0x60
[  329.094697] Code: 02 00 e9 0b ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 ef 38 e9 57 fe ff ff 0f 1f 80 00 00 00 00 48 85 ff 53 48 89 fb 74 0d <f6> 47 3c 01 74 16 3e 83 6b 38 01 74 06 5b e9 94 d7 30 00 48 89 
[  329.101080] RIP  [<ffffffff81347399>] kobject_put+0x9/0x50
[  329.102892]  RSP <ffff8800614c3e20>
[  329.104347] CR2: 000000100000002c
[  329.105777] ---[ end trace 10c6145a9116e7f5 ]---
[  329.107501] BUG: unable to handle kernel paging request at ffffffffffffffd8
[  329.109583] IP: [<ffffffff810a7eec>] kthread_data+0xc/0x20
[  329.111417] PGD 1e11067 PUD 1e13067 PMD 0 
[  329.113036] Oops: 0000 [#2] SMP 
[  329.114476] Modules linked in: n_gsm pps_ldisc pps_core slcan ppp_synctty n_hdlc ppp_async ppp_generic crc_ccitt slip slhc serport af_packet iscsi_ibft iscsi_boot_sysfs xfs libcrc32c hid_generic usbhid snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep ppdev snd_pcm joydev pcspkr snd_timer virtio_net snd soundcore i2c_piix4 parport_pc parport processor button nfsd auth_rpcgss nfs_acl lockd grace sunrpc sr_mod cdrom btrfs ata_generic xor raid6_pq bochs_drm virtio_blk virtio_scsi virtio_console virtio_rng drm_kms_helper syscopyarea sysfillrect ata_piix sysimgblt fb_sys_fops ttm xhci_pci xhci_hcd ahci libahci usbcore drm serio_raw floppy usb_common libata virtio_pci virtio_ring virtio sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4
[  329.134388] Supported: Yes
[  329.135709] CPU: 0 PID: 23025 Comm: kworker/0:0 Tainted: G      D            4.4.180-94.167-default #1
[  329.138092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
[  329.140861] task: ffff88007b10d080 ti: ffff8800614c0000 task.ti: ffff8800614c0000
[  329.143008] RIP: 0010:[<ffffffff810a7eec>]  [<ffffffff810a7eec>] kthread_data+0xc/0x20
[  329.145245] RSP: 0018:ffff8800614c3b98  EFLAGS: 00010002
[  329.146982] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  329.149124] RDX: ffff88007d002320 RSI: 0000000000000000 RDI: ffff88007b10d080
[  329.151383] RBP: ffff8800614c3be8 R08: 0000000000800000 R09: 0000000000000008
[  329.153421] R10: 0000004ca0554bbf R11: ffffffff82408374 R12: ffff88007b10d080
[  329.155474] R13: 0000000000000000 R14: 000000000001a500 R15: 0000000000000000
[  329.157634] FS:  0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[  329.159844] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  329.161716] CR2: 0000000000000028 CR3: 000000007097e000 CR4: 0000000000000670
[  329.163776] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  329.165851] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  329.167897] Stack:
[  329.169110]  ffffffff810a26ed ffff88007fc1a500 ffffffff81649bb5 ffffffff81089be1
[  329.171304]  ffff88007b10d080 ffff88007b10d080 ffff8800614c3c28 ffff88007b10d080
[  329.173535]  0000000000000046 ffff88007c960040 ffff8800614c3c00 ffffffff810b58e7
[  329.176099] Call Trace:
[  329.178082]  [<ffffffff810a26ed>] wq_worker_sleeping+0xd/0x90
[  329.180204]  [<ffffffff81649bb5>] thread_return+0x348/0x5d3
[  329.182639]  [<ffffffff810b58e7>] do_task_dead+0x37/0x40
[  329.184664]  [<ffffffff8108b332>] do_exit+0x682/0xb90
[  329.186384]  [<ffffffff8101b69c>] oops_end+0x9c/0xd0
[  329.188080]  [<ffffffff8106c75b>] no_context+0x10b/0x370
[  329.189854]  [<ffffffff8106d35c>] __do_page_fault+0x8c/0x4e0
[  329.191675]  [<ffffffff8106d86c>] trace_do_page_fault+0x3c/0x130
[  329.193598]  [<ffffffff81651932>] async_page_fault+0x32/0x60
[  329.196984] DWARF2 unwinder stuck at async_page_fault+0x32/0x60
[  329.198832] 
[  329.199957] Leftover inexact backtrace:
[  329.199957] 
[  329.202478]  [<ffffffff81347399>] ? kobject_put+0x9/0x50
[  329.204181]  [<ffffffff81434f07>] ? free_tty_struct+0x17/0x40
[  329.205962]  [<ffffffff810a1284>] ? process_one_work+0x154/0x420
[  329.207767]  [<ffffffff810a1ea6>] ? worker_thread+0x116/0x4a0
[  329.209632]  [<ffffffff810a1d90>] ? rescuer_thread+0x320/0x320
[  329.211567]  [<ffffffff810a1d90>] ? rescuer_thread+0x320/0x320
[  329.213387]  [<ffffffff810a7659>] ? kthread+0xc9/0xe0
[  329.215005]  [<ffffffff81649890>] ? thread_return+0x23/0x5d3
[  329.216751]  [<ffffffff810a7590>] ? kthread_park+0x60/0x60
[  329.218398]  [<ffffffff8164e5c5>] ? ret_from_fork+0x55/0x80
[  329.220003]  [<ffffffff810a7590>] ? kthread_park+0x60/0x60
[  329.221601] Code: 20 ba 01 00 00 00 75 bc 48 8b 43 08 eb 93 48 89 df e8 99 f7 ff ff eb aa 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 8b 87 78 09 00 00 <48> 8b 40 d8 e9 4b cc 5a 00 66 66 2e 0f 1f 84 00 00 00 00 00 0f 
[  329.227565] RIP  [<ffffffff810a7eec>] kthread_data+0xc/0x20
[  329.229210]  RSP <ffff8800614c3b98>
[  329.230448] CR2: ffffffffffffffd8
[  329.231660] ---[ end trace 10c6145a9116e7f6 ]---
[  329.233069] Fixing recursive fault but reboot is needed!
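A triage helper for serial-console logs like the one above, added here as an example (not part of the original report or of LTP): it splits a log into individual oopses and flags those whose reliable frames match the signature visible in this backtrace, a fault under free_tty_struct while the release_one_tty work item is running. The function names and the matching heuristic are assumptions of this example, and the regexes follow the 4.4-era oops layout shown in the report.

```python
import re

# Sample input: lines taken from the backtrace quoted in this report (trimmed).
SAMPLE_LOG = """\
[  329.002817] BUG: unable to handle kernel paging request at 000000100000002c
[  329.015953] IP: [<ffffffff81347399>] kobject_put+0x9/0x50
[  329.040088] CPU: 0 PID: 23025 Comm: kworker/0:0 Not tainted 4.4.180-94.167-default #1
[  329.042729] Workqueue: events release_one_tty
[  329.076257] Call Trace:
[  329.077479]  [<ffffffff81434f07>] free_tty_struct+0x17/0x40
[  329.079185]  [<ffffffff810a1284>] process_one_work+0x154/0x420
[  329.080949]  [<ffffffff810a1ea6>] worker_thread+0x116/0x4a0
[  329.092976]  [<ffffffff810a7590>] ? kthread_park+0x60/0x60
[  329.105777] ---[ end trace 10c6145a9116e7f5 ]---
[  329.107501] BUG: unable to handle kernel paging request at ffffffffffffffd8
[  329.109583] IP: [<ffffffff810a7eec>] kthread_data+0xc/0x20
[  329.135709] CPU: 0 PID: 23025 Comm: kworker/0:0 Tainted: G      D            4.4.180-94.167-default #1
[  329.176099] Call Trace:
[  329.178082]  [<ffffffff810a26ed>] wq_worker_sleeping+0xd/0x90
[  329.184664]  [<ffffffff8108b332>] do_exit+0x682/0xb90
[  329.204181]  [<ffffffff81434f07>] ? free_tty_struct+0x17/0x40
[  329.231660] ---[ end trace 10c6145a9116e7f6 ]---
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                    # printk timestamp
_BUG = re.compile(r"^BUG: unable to handle kernel .*? at ([0-9a-f]+)$")
_IP = re.compile(r"^IP: \[<[0-9a-f]+>\] ([\w.]+)\+0x")
_CPU = re.compile(r"Comm: (\S+) .*?(\S+) #\d+$")            # task name, kernel release
_WQ = re.compile(r"^Workqueue: \S+ ([\w.]+)")
_FRAME = re.compile(r"^\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x")


def parse_oopses(log_text):
    """Split a console log into oops records (one dict per 'BUG:' block)."""
    oopses, cur = [], None
    for raw in log_text.splitlines():
        line = _TS.sub("", raw).rstrip()
        m = _BUG.match(line)
        if m:
            if cur:                       # previous oops had no end marker
                oopses.append(cur)
            cur = {"fault_address": m.group(1), "fault_symbol": None,
                   "comm": None, "kernel": None, "workqueue": None, "trace": []}
            continue
        if cur is None:
            continue
        if line.startswith("---[ end trace"):
            oopses.append(cur)
            cur = None
            continue
        if (m := _IP.match(line)):
            cur["fault_symbol"] = m.group(1)
        elif (m := _CPU.search(line)):
            cur["comm"], cur["kernel"] = m.group(1), m.group(2)
        elif (m := _WQ.match(line)):
            cur["workqueue"] = m.group(1)
        elif (m := _FRAME.match(line)) and not m.group(1):
            # Frames printed with '?' are unreliable stack leftovers; skip them.
            cur["trace"].append(m.group(2))
    if cur:
        oopses.append(cur)
    return oopses


def matches_release_tty_uaf(oops):
    """Heuristic: fault at or below free_tty_struct inside release_one_tty work."""
    in_free = (oops["fault_symbol"] == "free_tty_struct"
               or "free_tty_struct" in oops["trace"])
    return oops["workqueue"] == "release_one_tty" and in_free


def triage(log_text):
    """Return (kernel, fault_symbol, matched) for every oops in the log."""
    return [(o["kernel"], o["fault_symbol"], matches_release_tty_uaf(o))
            for o in parse_oopses(log_text)]


if __name__ == "__main__":
    for kernel, symbol, matched in triage(SAMPLE_LOG):
        print(f"{kernel}: fault in {symbol}: "
              f"{'matches tty release signature' if matched else 'no match'}")
```

Only the first oops is flagged; the second is the follow-on fault in the dying worker, where free_tty_struct appears only as an inexact frame. A match is a pointer for triage, not proof of this specific bug, since other tty lifetime bugs can fault on the same path.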
Comment 1 Takashi Iwai 2022-07-19 13:03:59 UTC
For backporting the fix to LTSS kernels, it's likely better to handle this as a security issue (possibly with a CVE).

Tossed this to security team for handling it.

Meanwhile adding Jiri to Cc, as he was involved with the upstream fix.
Comment 2 Marcus Meissner 2022-07-20 15:44:49 UTC
Requested CVE.
Comment 3 Takashi Iwai 2022-07-21 07:36:35 UTC
Jiri, could you handle this as well?  Thanks!
Comment 4 Marcus Meissner 2022-07-21 07:40:15 UTC
SUSE:SLE-15:Update still affected apparently.

SLES 15 SP1, SP2, SP3, SLES 12 SP4 and SP5 already fixed (Can you add CVE reference)?
SLES 15 SP4 not affected.

SLES 12 SP3 and older still affected.
Comment 5 Jiri Slaby 2022-07-21 10:20:47 UTC
Pushed to:
cve/linux-3.0
cve/linux-4.12
cve/linux-4.4
cve/linux-5.3 (only added a CVE reference)
Comment 20 Swamp Workflow Management 2022-08-09 16:17:49 UTC
SUSE-SU-2022:2721-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201742,1201752,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.181.1, kernel-source-4.4.121-92.181.1, kernel-syms-4.4.121-92.181.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2022-08-09 16:20:07 UTC
SUSE-SU-2022:2720-1: An update that solves 7 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201742,1201752,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.106.1, kernel-source-azure-4.12.14-16.106.1, kernel-syms-azure-4.12.14-16.106.1

Comment 22 Swamp Workflow Management 2022-08-09 16:22:19 UTC
SUSE-SU-2022:2723-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201050,1201429,1201635,1201636,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1, kernel-zfcpdump-4.12.14-150000.150.98.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-livepatch-SLE15_Update_32-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.98.1

Comment 23 Swamp Workflow Management 2022-08-09 16:26:09 UTC
SUSE-SU-2022:2719-1: An update that solves 7 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.130.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.130.2, kernel-obs-build-4.12.14-122.130.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kernel-source-4.12.14-122.130.1, kernel-syms-4.12.14-122.130.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kgraft-patch-SLE12-SP5_Update_34-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.130.1

Comment 24 Swamp Workflow Management 2022-08-10 13:18:28 UTC
SUSE-SU-2022:2741-1: An update that solves 16 vulnerabilities, contains one feature and has 15 fixes is now available.

Category: security (important)
Bug References: 1178134,1198829,1199364,1199647,1199665,1199670,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1

Comment 26 Swamp Workflow Management 2022-08-15 22:19:36 UTC
SUSE-SU-2022:2809-1: An update that solves 22 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1114648,1194013,1195478,1195775,1196472,1196901,1197362,1198829,1199487,1199489,1199647,1199648,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1200905,1200910,1201050,1201080,1201251,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201742,1201752,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2021-4157,CVE-2022-1116,CVE-2022-1462,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-livepatch-SLE15-SP2_Update_29-1-150200.5.5.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1

Comment 27 Swamp Workflow Management 2022-08-16 19:16:35 UTC
SUSE-SU-2022:2827-1: An update that solves 7 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201429,1201635,1201636,1201644,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-livepatch-SLE15-SP1_Update_33-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1

Comment 28 Swamp Workflow Management 2022-08-18 13:17:04 UTC
SUSE-SU-2022:2840-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.171.1, kernel-source-4.4.180-94.171.1, kernel-syms-4.4.180-94.171.1

Comment 31 Swamp Workflow Management 2022-08-23 16:21:38 UTC
SUSE-SU-2022:2875-1: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.90.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.90.1, kernel-64kb-5.3.18-150300.59.90.1, kernel-debug-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-docs-5.3.18-150300.59.90.1, kernel-kvmsmall-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-obs-qa-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-livepatch-SLE15-SP3_Update_23-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1

Comment 32 Swamp Workflow Management 2022-08-25 13:22:00 UTC
SUSE-SU-2022:2892-1: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.99.1, kernel-rt_debug-5.3.18-150300.99.1, kernel-source-rt-5.3.18-150300.99.1, kernel-syms-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.99.1

Comment 33 Swamp Workflow Management 2022-08-26 13:18:10 UTC
SUSE-SU-2022:2910-1: An update that solves 10 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1065729,1103269,1114648,1190812,1195775,1195926,1196616,1196867,1198484,1198829,1199665,1199695,1200442,1200598,1200644,1200651,1200910,1201019,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201705,1201742,1201752,1201930,1201940,1201941,1201954,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-2639,CVE-2022-29581,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.97.1, kernel-rt_debug-4.12.14-10.97.1, kernel-source-rt-4.12.14-10.97.1, kernel-syms-rt-4.12.14-10.97.1

Comment 34 Swamp Workflow Management 2022-09-01 15:04:48 UTC
SUSE-SU-2022:2892-2: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1

Comment 35 Swamp Workflow Management 2022-09-01 15:23:43 UTC
SUSE-SU-2022:2875-2: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1

Comment 39 Swamp Workflow Management 2022-09-14 13:20:43 UTC
SUSE-SU-2022:3274-1: An update that solves 15 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1172145,1177440,1188944,1191881,1194535,1196616,1200598,1200770,1200910,1201019,1201420,1201429,1201705,1201726,1201940,1201948,1202096,1202154,1202346,1202347,1202393,1202396,1202672,1202897,1202898,1203098
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-4203,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-36946
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kgraft-patch-SLE12-SP4_Update_30-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.108.1

Comment 42 Marcus Meissner 2022-11-04 13:22:18 UTC
released