Bug 1188601 - (CVE-2021-37159) VUL-0: CVE-2021-37159: kernel-source,kernel-source-rt,kernel-source-azure: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/304799/
CVSSv3.1:SUSE:CVE-2021-37159:5.5:(AV:...
Reported: 2021-07-22 07:03 UTC by Alexander Bergmann
Modified: 2022-01-26 16:47 UTC
Found By: Security Response Team
Description Alexander Bergmann 2021-07-22 07:03:57 UTC
CVE-2021-37159

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4
calls unregister_netdev without checking for the NETREG_REGISTERED state,
leading to a use-after-free and a double free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37159
https://www.spinics.net/lists/linux-usb/msg202228.html
Comment 1 Petr Mladek 2021-07-23 12:00:09 UTC
There was a proposal to fix it but it was rejected, see
https://lore.kernel.org/netdev/20201004071433.GA212114@kroah.com/

The upstream commit a6ecfb39ba9d7316057c ("usb: hso: fix error handling
code of hso_create_net_device") might help but I am not sure if
it covers all cases.
Comment 2 Takashi Iwai 2021-07-23 12:54:08 UTC
Oliver seems to be involved in the original thread, so adding him to Cc.
Comment 3 Takashi Iwai 2021-07-23 12:56:36 UTC
(In reply to Petr Mladek from comment #1)
> The upstream commit a6ecfb39ba9d7316057c ("usb: hso: fix error handling
> code of hso_create_net_device") might help but I am not sure if
> it cover all cases.

I guess this covers all, but it's hard to say concretely since we have no PoC or whatever the detailed information about the bug itself.
Comment 5 Oliver Neukum 2021-10-25 13:42:16 UTC
You also need
5fcfb6d0bfcda17f0d0656e4e5b3710af2bbaae5
("(In reply to Takashi Iwai from comment #3)
> (In reply to Petr Mladek from comment #1)
> > The upstream commit a6ecfb39ba9d7316057c ("usb: hso: fix error handling
> > code of hso_create_net_device") might help but I am not sure if
> > it cover all cases.
> 
> I guess this covers all, but it's hard to say concretely since we have no
> PoC or whatever the detailed information about the bug itself.

It is complete, but on some kernels you will also need
dcb713d53e2eadf42b878c12a471e74dc6ed3145
if they have 5fcfb6d0bfcda17f0d0656e4e5b3710af2bbaae5
Comment 6 Borislav Petkov 2021-10-30 11:12:52 UTC
(In reply to Oliver Neukum from comment #5)
> It is complete, but on some kernels you will also need
> dcb713d53e2eadf42b878c12a471e74dc6ed3145
> if they have 5fcfb6d0bfcda17f0d0656e4e5b3710af2bbaae5

Can you please audit the security-relevant branches pls and backport it where needed?

Thx.
Comment 7 Oliver Neukum 2021-11-04 15:48:27 UTC
2.6.16 is not affected
Comment 8 Oliver Neukum 2021-11-04 16:09:20 UTC
v5.14 is not vulnerable

Submitted patches to CVE branches and added number to patches for SLE12-SP5 and SLE15-SP2 already in the kernel trees due to stable fixes.
Comment 16 Swamp Workflow Management 2021-11-16 20:21:32 UTC
SUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.34.1, kernel-livepatch-SLE15-SP3_Update_9-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.34.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2021-11-16 20:32:07 UTC
openSUSE-SU-2021:3675-1: An update that solves 15 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549
CVE References: CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.34.1, kernel-64kb-5.3.18-59.34.1, kernel-debug-5.3.18-59.34.1, kernel-default-5.3.18-59.34.1, kernel-default-base-5.3.18-59.34.1.18.21.1, kernel-docs-5.3.18-59.34.1, kernel-kvmsmall-5.3.18-59.34.1, kernel-obs-build-5.3.18-59.34.1, kernel-obs-qa-5.3.18-59.34.1, kernel-preempt-5.3.18-59.34.1, kernel-source-5.3.18-59.34.1, kernel-syms-5.3.18-59.34.1, kernel-zfcpdump-5.3.18-59.34.1
Comment 18 Swamp Workflow Management 2021-11-17 14:23:32 UTC
SUSE-SU-2021:3723-1: An update that solves 14 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1094840,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190351,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1192145,1192379
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.65.1, kernel-rt_debug-4.12.14-10.65.1, kernel-source-rt-4.12.14-10.65.1, kernel-syms-rt-4.12.14-10.65.1

Comment 19 Swamp Workflow Management 2021-11-19 20:35:02 UTC
SUSE-SU-2021:3748-1: An update that solves 13 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1050549,1065729,1085030,1114648,1180624,1184673,1186063,1186109,1188563,1188601,1188983,1188985,1190006,1190067,1190317,1190349,1190397,1190479,1190620,1190795,1190941,1191241,1191315,1191317,1191349,1191450,1191452,1191455,1191500,1191579,1191628,1191662,1191667,1191713,1191801,1191888,1192145,1192267
CVE References: CVE-2018-13405,CVE-2021-33033,CVE-2021-34556,CVE-2021-3542,CVE-2021-35477,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.98.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.98.1, kernel-obs-build-4.12.14-122.98.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kernel-source-4.12.14-122.98.1, kernel-syms-4.12.14-122.98.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.98.1, kgraft-patch-SLE12-SP5_Update_25-1-8.7.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.98.1

Comment 22 OBSbugzilla Bot 2021-11-22 23:40:39 UTC
This is an autogenerated message for OBS integration:
This bug (1188601) was mentioned in
https://build.opensuse.org/request/show/933172 15.2 / kernel-source
Comment 28 Swamp Workflow Management 2021-11-24 20:27:21 UTC
openSUSE-SU-2021:1501-1: An update that solves 6 vulnerabilities, contains one feature and has 22 fixes is now available.

Category: security (important)
Bug References: 1094840,1133021,1152489,1169263,1170269,1188601,1190523,1190795,1191790,1191851,1191958,1191961,1191980,1192045,1192229,1192267,1192273,1192328,1192718,1192740,1192745,1192750,1192753,1192781,1192802,1192896,1192906,1192918
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.106.1, kernel-default-5.3.18-lp152.106.1, kernel-default-base-5.3.18-lp152.106.1.lp152.8.52.1, kernel-docs-5.3.18-lp152.106.1, kernel-kvmsmall-5.3.18-lp152.106.1, kernel-obs-build-5.3.18-lp152.106.1, kernel-obs-qa-5.3.18-lp152.106.1, kernel-preempt-5.3.18-lp152.106.1, kernel-source-5.3.18-lp152.106.1, kernel-syms-5.3.18-lp152.106.1
Comment 31 Swamp Workflow Management 2021-11-25 17:19:09 UTC
SUSE-SU-2021:3806-1: An update that solves 6 vulnerabilities, contains one feature and has 35 fixes is now available.

Category: security (important)
Bug References: 1094840,1133021,1152489,1154353,1157177,1167773,1169263,1170269,1176940,1180749,1184924,1188601,1190523,1190795,1191628,1191790,1191851,1191958,1191961,1191980,1192045,1192217,1192229,1192267,1192273,1192288,1192328,1192375,1192473,1192549,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.31.1, kernel-source-azure-5.3.18-38.31.1, kernel-syms-azure-5.3.18-38.31.1

Comment 32 Swamp Workflow Management 2021-11-25 17:28:35 UTC
openSUSE-SU-2021:3806-1: An update that solves 6 vulnerabilities, contains one feature and has 35 fixes is now available.

Category: security (important)
Bug References: 1094840,1133021,1152489,1154353,1157177,1167773,1169263,1170269,1176940,1180749,1184924,1188601,1190523,1190795,1191628,1191790,1191851,1191958,1191961,1191980,1192045,1192217,1192229,1192267,1192273,1192288,1192328,1192375,1192473,1192549,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.31.1, kernel-source-azure-5.3.18-38.31.1, kernel-syms-azure-5.3.18-38.31.1
Comment 33 Swamp Workflow Management 2021-11-25 17:34:37 UTC
SUSE-SU-2021:3807-1: An update that solves 6 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1094840,1152489,1169263,1170269,1188601,1190523,1190795,1191628,1191790,1191851,1191958,1191961,1191980,1192045,1192229,1192267,1192273,1192328,1192549,1192718,1192740,1192745,1192750,1192753,1192781,1192802,1192896,1192906,1192918
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.75.1, kernel-source-azure-5.3.18-18.75.1, kernel-syms-azure-5.3.18-18.75.1

Comment 41 Swamp Workflow Management 2021-12-01 20:24:39 UTC
SUSE-SU-2021:14849-1: An update that solves 17 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1183089,1184673,1186109,1187050,1187215,1188172,1188563,1188601,1188876,1189057,1189262,1189399,1190117,1190351,1191315,1191660,1191958,1192036,1192267,904899,905100
CVE References: CVE-2014-7841,CVE-2020-36385,CVE-2021-20265,CVE-2021-33033,CVE-2021-3542,CVE-2021-3609,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3679,CVE-2021-37159,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-source-3.0.101-108.132.1, kernel-syms-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1

Comment 42 Swamp Workflow Management 2021-12-01 20:44:45 UTC
SUSE-SU-2021:3848-1: An update that solves 6 vulnerabilities, contains one feature and has 16 fixes is now available.

Category: security (important)
Bug References: 1094840,1114648,1141655,1188601,1190351,1190397,1190523,1190795,1191713,1191790,1191888,1191961,1192045,1192267,1192273,1192379,1192718,1192750,1192753,1192781,1192802,1192906
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-3772
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.80.1, kernel-source-azure-4.12.14-16.80.1, kernel-syms-azure-4.12.14-16.80.1

Comment 43 Swamp Workflow Management 2021-12-02 11:23:16 UTC
openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
Comment 44 Swamp Workflow Management 2021-12-02 11:35:31 UTC
SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

Comment 45 Swamp Workflow Management 2021-12-06 14:28:22 UTC
SUSE-SU-2021:3933-1: An update that solves 6 vulnerabilities, contains one feature and has 21 fixes is now available.

Category: security (important)
Bug References: 1094840,1133021,1152489,1169263,1170269,1188601,1190523,1190795,1191790,1191851,1191958,1191961,1191980,1192045,1192229,1192273,1192328,1192718,1192740,1192745,1192750,1192753,1192781,1192802,1192896,1192906,1192918
CVE References: CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: SLE-22573
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.96.1, kernel-default-base-5.3.18-24.96.1.9.44.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.96.1, kernel-preempt-5.3.18-24.96.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.96.1, kernel-livepatch-SLE15-SP2_Update_22-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.96.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.96.1, kernel-obs-build-5.3.18-24.96.1, kernel-preempt-5.3.18-24.96.1, kernel-source-5.3.18-24.96.1, kernel-syms-5.3.18-24.96.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.96.1, kernel-default-base-5.3.18-24.96.1.9.44.1, kernel-preempt-5.3.18-24.96.1, kernel-source-5.3.18-24.96.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.96.1

Comment 46 Swamp Workflow Management 2021-12-06 14:36:59 UTC
SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1068032,1087082,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1183089,1184673,1186109,1186390,1188172,1188325,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189706,1190023,1190025,1190067,1190117,1190159,1190276,1190349,1190351,1190601,1191193,1191315,1191790,1191958,1191961,1192781,802154
CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1

Comment 47 Swamp Workflow Management 2021-12-06 18:15:05 UTC
SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1073928,1098425,1100416,1119934,1129735,1171217,1171420,1173346,1176724,1177666,1181158,1181854,1181855,1183089,1184673,1185726,1185727,1185758,1185973,1186109,1186390,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189420,1189706,1190022,1190023,1190025,1190067,1190117,1190159,1190194,1190349,1190351,1190601,1190717,1191193,1191315,1191790,1191801,1191958,1191961,1192267,1192400,1192775,1192781
CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.150.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1

Comment 48 Swamp Workflow Management 2021-12-07 20:23:34 UTC
SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.78.1

Comment 49 Swamp Workflow Management 2021-12-08 14:21:38 UTC
SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available.

Category: security (important)
Bug References: 1087082,1100416,1108488,1129735,1129898,1133374,1153720,1171420,1176724,1176931,1180624,1181854,1181855,1183050,1183861,1184673,1184804,1185377,1185677,1185726,1185727,1185758,1185973,1186063,1186482,1186483,1186672,1188026,1188172,1188563,1188601,1188613,1188838,1188842,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189400,1189418,1189420,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190118,1190159,1190276,1190349,1190350,1190351,1190432,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191318,1191529,1191530,1191628,1191660,1191790,1191801,1191813,1191961,1192036,1192045,1192048,1192267,1192379,1192400,1192444,1192549,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.83.2

Comment 50 Swamp Workflow Management 2021-12-09 14:17:35 UTC
SUSE-SU-2021:3978-1: An update that solves 7 vulnerabilities, contains one feature and has 27 fixes is now available.

Category: security (important)
Bug References: 1094840,1133021,1152489,1153275,1169263,1169514,1170269,1176940,1179599,1188601,1190523,1190795,1191790,1191851,1191958,1191961,1191980,1192045,1192229,1192273,1192328,1192718,1192740,1192745,1192750,1192753,1192781,1192802,1192896,1192906,1192918,1192987,1192998,1193002
CVE References: CVE-2020-27820,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389
JIRA References: SLE-22573
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-62.2
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-62.2, kernel-rt_debug-5.3.18-62.3, kernel-source-rt-5.3.18-62.3, kernel-syms-rt-5.3.18-62.1
