Bugzilla – Bug 1195254
VUL-0: CVE-2022-0435: kernel-source: tipc: Remote Stack Overflow in Linux Kernel
Last modified: 2023-01-18 17:25:39 UTC
linux-distros:

Hi all,

Thanks Johannes for the reply, it looks like MS was mangling the PGP/MIME message, apologies. Switching to PGP/Inline, second time lucky!

This is Samuel Page from the CANVAS team at Appgate – Immunity, please find below the details and suggested fix for a remote stack overflow I discovered in the TIPC networking module.

With FORTIFY_SOURCE's stricter memcpy() bounds checking, this can be exploited to cause remote DOS via kernel panic on systems using TIPC. Prior to these bounds checks, and with a canary leak (or no CONFIG_STACKPROTECTOR), this can be exploited for RCE.

The bug (in net/tipc.monitor.c) was introduced on Jun 15, 2016:
https://github.com/torvalds/linux/commit/35c55c9877f8de0ab129fa1a309271d0ecc868b9

Due to the potential sensitivity of the bug, as outlined in the kernel docs, I'd like to send this report to both linux-distros@vs.openwall.org as well as security@kernel.org would anyone be able to inform me if the linux kernel security team has a PGP key for this distro?

I propose a tentative embargo period of 7 days, for a public disclosure time of February 3rd, 2022 at 14:00 GMT. I would also like to request a CVE to be assigned for this vulnerability.

================================================================================================
Contents
================================================================================================

- Bug Details
- Bug Impact
- Suggested Fix
- Further Information

================================================================================================
Bug Details
================================================================================================

Transparent Inter Process Communication (TIPC) is an IPC mechanism designed for intra-cluster communication. It represents the cluster topology using the concept of nodes and the links between these nodes.
The monitoring framework introduced on Jun 15, 2016 uses a distributed "Overlapping Ring Supervision Algorithm" to monitor neighbouring nodes in the cluster. As part of this monitoring framework, neighbouring nodes, or peers, are able to transfer domain records in order to inform peers of their network view. This is represented via the following struct:

...
/* struct tipc_mon_domain: domain record to be transferred between peers
 * @len: actual size of domain record
 * @gen: current generation of sender's domain
 * @ack_gen: most recent generation of self's domain acked by peer
 * @member_cnt: number of domain member nodes described in this record
 * @up_map: bit map indicating which of the members the sender considers up
 * @members: identity of the domain members
 */
struct tipc_mon_domain {
        u16 len;
        u16 gen;
        u16 ack_gen;
        u16 member_cnt;
        u64 up_map;
        u32 members[MAX_MON_DOMAIN];
};
...

Where the length of members is defined as follows:

...
#define MAX_MON_DOMAIN 64
...

A TIPC node tracks peers in a circular linked list, as well as keeping a reference to their most up-to-date domain record, via the peer struct:

...
/* struct tipc_peer: state of a peer node and its domain
 * @addr: tipc node identity of peer
 * @head_map: shows which other nodes currently consider peer 'up'
 * @domain: most recent domain record from peer
 * @hash: position in hashed lookup list
 * @list: position in linked list, in circular ascending order by 'addr'
 * @applied: number of reported domain members applied on this monitor list
 * @is_up: peer is up as seen from this node
 * @is_head: peer is assigned domain head as seen from this node
 * @is_local: peer is in local domain and should be continuously monitored
 * @down_cnt: - numbers of other peers which have reported this on lost
 */
struct tipc_peer {
        u32 addr;
        struct tipc_mon_domain *domain;
        struct hlist_node hash;
        struct list_head list;
        u8 applied;
        u8 down_cnt;
        bool is_up;
        bool is_head;
        bool is_local;
};
...
Peers send these domain records in the body of TIPC packets which are ultimately processed by the function tipc_mon_rcv, which is where the vulnerability lies. The function signature is as follows:

...
/* tipc_mon_rcv - process monitor domain event message
 *
 * @data: STATE_MSG body
 * @dlen: STATE_MSG body size (taken from TIPC header)
 */
void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
                  struct tipc_mon_state *state, int bearer_id)
...

Where data is a pointer to the inbound packets body and dlen is the body size specified in the packet header. The function does some initial sanity checks on data, making sure that the packet body length and the domain len provided matches the size of the struct, given the member_cnt supplied.

...
        /* Sanity check received domain record */
        if (dlen < dom_rec_len(arrv_dom, 0))
                return;
        if (dlen != dom_rec_len(arrv_dom, new_member_cnt))
                return;
        if (dlen < new_dlen || arrv_dlen != new_dlen)
                return;
...

However, crucially, while we validate the various lengths line up, we never verify that member_cnt <= MAX_MON_DOMAIN before we kmalloc the new tipc_mon_domain and reference it in peer->domain.

If this is the first domain record received from the peer, we will kmallocate the one we just received and reference it in the struct for this peer:

...
        /* Transform and store received domain record */
        if (!dom || (dom->len < new_dlen)) {
                kfree(dom);
                dom = kmalloc(new_dlen, GFP_ATOMIC);
                peer->domain = dom;
                if (!dom)
                        goto exit;
        }
        dom->len = new_dlen;
        dom->gen = new_gen;
        dom->member_cnt = new_member_cnt;
        dom->up_map = mon_le64_to_cpu(arrv_dom->up_map);
        for (i = 0; i < new_member_cnt; i++)
                dom->members[i] = mon_le32_to_cpu(arrv_dom->members[i]);
...

Note, that dom->len is set to the len the peer supplied, which could be over the max size defined by MAX_MON_DOMAIN.
If however, on receiving a new domain record, the peer has already got a domain record associated with it, before we kmalloc a new `peer->domain`, if there's an existing one, we cache the old copy briefly into a local struct:

...
        struct tipc_mon_domain dom_bef;
...
        /* Cache current domain record for later use */
        dom_bef.member_cnt = 0;
        dom = peer->domain;
        if (dom)
                memcpy(&dom_bef, dom, dom->len);
...

If we've previously submitted a domain record, now referenced by peer->domain, with a member_cnt greater than MAX_MON_DOMAIN, then length of peer->domain will be greater than the size of the local struct dom_bef; which is a 272 byte buffer on the stack.

================================================================================================
Bug Impact
================================================================================================

As touched on above, the bug was introduced on Jun 15, 2016:
https://github.com/torvalds/linux/commit/35c55c9877f8de0ab129fa1a309271d0ecc8

The bug is still present, so versions affected are >=4.8 and 5.x.

Triggering the bug requires the TIPC module to be loaded and for remote exploitation a TIPC bearer needs to be set up on the target i.e., vulnerability extends to systems actively using TIPC.

With CONFIG_FORTIFY_SOURCE's strict memcpy() bounds checking, the impact is limited to remote DOS via kernel panic. Without this mitigation, a kernel stack canary leak is still required to gain code execution, otherwise the end result is still kernel panic. Without CONFIG_STACKPROTECTOR, only a KASLR leak is required to gain code execution.

This vulnerability can be triggered locally or remotely by pretending to be another node, establishing a link and sending 2 crafted STATE_MSG packets with domain record payloads.
The initial with large member_cnt (greater than MAX_MON_DOMAIN) and another one with a higher gen value (aka newer domain record) to trigger the replacement and memcpy() to cache, at which point we are copying out the first record we sent with an excessive size into the static 272 byte stack buffer.

Note that as RedHat mentioned in their advisory for CVE-2021-43267, any configs in place that mitigate the ability for an attacker to spoof/imitated another node will limit the impact of this bug as triggering requires the attacker to interact as a peer node.

================================================================================================
Suggested Fix
================================================================================================

As far as I can tell, there is no need for a domain record count to be greater than MAX_MON_DOMAIN, a simple fix would be to add this check as part of the input sanitisation:

--- monitor.c 2022-01-24 16:20:38.214731110 +0000 +++ monitor.c.new 2022-01-24 16:22:23.134975983 +0000 @@ -502,6 +502,8 @@ return; if (dlen < new_dlen || arrv_dlen != new_dlen) return; + if (new_member_cnt > MAX_MON_DOMAIN) + return; /* Synch generation numbers with peer if link just came up */ if (!state->synched) {

================================================================================================
Further Information
================================================================================================

Hopefully, the level of detail I have provided is sufficient. If you need any additional information or have any further questions then let me know and I would be happy to help.

Kind Regards,
Sam
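Review bot: the added `new_member_cnt > MAX_MON_DOMAIN` check in the sanity block guards only the receive path; the stack copy the report identifies, `memcpy(&dom_bef, dom, dom->len)`, still takes its length from the stored record. Consider bounding that copy as well (for example, skipping it when `dom->len` exceeds `sizeof(dom_bef)`), and adding a one-line comment above the new check stating that `members[]` holds at most MAX_MON_DOMAIN entries.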
Created attachment 855937
[PATCH v3] tipc: improve size validations for received domain records

There was some discussion in the linux-distros thread, adding v3 of the patch for completeness
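The validation gap described in the report, modelled in userspace C as an added example (it is not kernel code and not part of the original report or of the attached patch): the quoted length checks accept any self-consistent record, and only the member-count bound or a bounded cache copy rejects one larger than the 272-byte struct. `dom_rec_len()` here is an assumed model (fixed header plus 4 bytes per member), and `check_lengths_only`, `check_with_bound`, `cache_domain` and `build_record` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MON_DOMAIN 64

/* Userspace mirror of struct tipc_mon_domain as quoted in the report. */
struct mon_domain {
    uint16_t len;
    uint16_t gen;
    uint16_t ack_gen;
    uint16_t member_cnt;
    uint64_t up_map;
    uint32_t members[MAX_MON_DOMAIN];
};

enum verdict { REC_OK = 0, REC_BAD_LEN, REC_TOO_MANY_MEMBERS };

/* Assumed model of dom_rec_len(): fixed header plus 4 bytes per member. */
static size_t dom_rec_len(size_t member_cnt)
{
    return offsetof(struct mon_domain, members) + member_cnt * sizeof(uint32_t);
}

/* Record fields are little-endian in the message body. */
static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* The three length checks quoted in the report, without a count bound.
 * The third check repeats part of the second, as in the quoted code. */
enum verdict check_lengths_only(const uint8_t *data, size_t dlen)
{
    if (dlen < dom_rec_len(0))
        return REC_BAD_LEN;
    size_t arrv_dlen = rd16le(data + offsetof(struct mon_domain, len));
    size_t new_member_cnt = rd16le(data + offsetof(struct mon_domain, member_cnt));
    size_t new_dlen = dom_rec_len(new_member_cnt);
    if (dlen != new_dlen)
        return REC_BAD_LEN;
    if (dlen < new_dlen || arrv_dlen != new_dlen)
        return REC_BAD_LEN;
    return REC_OK;
}

/* Same checks plus the member-count bound from the suggested fix. */
enum verdict check_with_bound(const uint8_t *data, size_t dlen)
{
    enum verdict v = check_lengths_only(data, dlen);
    if (v != REC_OK)
        return v;
    if (rd16le(data + offsetof(struct mon_domain, member_cnt)) > MAX_MON_DOMAIN)
        return REC_TOO_MANY_MEMBERS;
    return REC_OK;
}

/* Defensive cache copy: refuse a stored length larger than the destination
 * instead of trusting the length field kept with the record. */
int cache_domain(struct mon_domain *dst, const void *stored, size_t stored_len)
{
    if (stored_len > sizeof(*dst))
        return -1;
    memcpy(dst, stored, stored_len);
    return 0;
}

/* Constructed test input: a zeroed, self-consistent record with the given
 * member count. Returns the record length, or 0 if it does not fit. */
size_t build_record(uint8_t *buf, size_t cap, uint16_t member_cnt)
{
    size_t len = dom_rec_len(member_cnt);
    if (len > cap || len > UINT16_MAX)
        return 0;
    memset(buf, 0, len);
    buf[0] = (uint8_t)(len & 0xff);
    buf[1] = (uint8_t)(len >> 8);
    buf[6] = (uint8_t)(member_cnt & 0xff);
    buf[7] = (uint8_t)(member_cnt >> 8);
    return len;
}

int main(void)
{
    uint8_t buf[1024];
    struct mon_domain cache;
    uint16_t counts[] = { 0, MAX_MON_DOMAIN, MAX_MON_DOMAIN + 1 };

    printf("sizeof(struct mon_domain) = %zu\n", sizeof(struct mon_domain));
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        size_t n = build_record(buf, sizeof(buf), counts[i]);
        printf("member_cnt=%u len=%zu lengths_only=%d with_bound=%d cache=%d\n",
               (unsigned)counts[i], n,
               (int)check_lengths_only(buf, n),
               (int)check_with_bound(buf, n),
               cache_domain(&cache, buf, n));
    }
    return 0;
}
```

A record with 64 members passes both validators and fits the cache; one with 65 members passes the length-only checks but is rejected by the bounded validator and by `cache_domain`.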
Hi kernel team / Denis,

I see that 5e4e31ed176ccf5463049d4f4fa9eac9412667d7 has been backported, which adds a check for `new_member_cnt`.

> ⋮ 21 │+ if (new_member_cnt >= MAX_MON_DOMAIN)
> ⋮ 22 │+ return;

I also see there is a different patch under development in s@k.o shared with the subject '[PATCH v3] tipc: improve size validations for received domain records'. Do you see that one or should I attach it here? Do you think it makes more sense to backport that one instead of 5e4e31ed176ccf5463049d4f4fa9eac9412667d7 ?
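Review bot: the quoted check compares with `new_member_cnt >= MAX_MON_DOMAIN`, which also rejects a record carrying exactly MAX_MON_DOMAIN members, although `members[MAX_MON_DOMAIN]` in struct tipc_mon_domain has room for that many; the fix suggested in the original report compares with `>`. Unless full-size domain records are meant to be dropped, use `>` here.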
(In reply to Gianluca Gabrielli from comment #30)
> Hi kernel team / Denis,
>
> I see that 5e4e31ed176ccf5463049d4f4fa9eac9412667d7 has been backported,
> which adds a check for `new_member_cnt`.
>
> > ⋮ 21 │+ if (new_member_cnt >= MAX_MON_DOMAIN)
> > ⋮ 22 │+ return;
>
> I also see there is a different patch under development in s@k.o shared with
> the subject '[PATCH v3] tipc: improve size validations for received domain
> records'. Do you see that one or should I attach it here? Do you think it
> makes more sense to backport that one instead of
> 5e4e31ed176ccf5463049d4f4fa9eac9412667d7 ?

It seems that Robert and I ran into a race-condition :), I meant the patch he attached to comment#29
Just to recap, affected branches are:
- SLE12-SP5
- SLE15-SP3
- SLE15-SP4
- cve/linux-4.12
- cve/linux-5.3
- stable
openSUSE-SU-2022:0366-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330 JIRA References: Sources used: openSUSE Leap 15.4 (src): kernel-debug-4.12.14-197.105.1, kernel-default-4.12.14-197.105.1, kernel-kvmsmall-4.12.14-197.105.1, kernel-vanilla-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1 openSUSE Leap 15.3 (src): kernel-debug-4.12.14-197.105.1, kernel-default-4.12.14-197.105.1, kernel-kvmsmall-4.12.14-197.105.1, kernel-vanilla-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1
openSUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available. Category: security (critical) Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371 CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1
SUSE-SU-2022:0365-1: An update that solves 7 vulnerabilities and has 9 fixes is now available. Category: security (critical) Bug References: 1177599,1183405,1185377,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254 CVE References: CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: SUSE Manager Server 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise Realtime Extension 15-SP2 
(src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.102.1, kernel-livepatch-SLE15-SP2_Update_24-1-5.3.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.102.1 SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available. Category: security (critical) Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371 CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0367-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193506,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1, kernel-zfcpdump-4.12.14-150.83.1 SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.83.1, kernel-livepatch-SLE15_Update_27-1-1.5.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.83.1, kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.83.1, 
kernel-docs-4.12.14-150.83.1, kernel-obs-build-4.12.14-150.83.1, kernel-source-4.12.14-150.83.1, kernel-syms-4.12.14-150.83.1, kernel-vanilla-4.12.14-150.83.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.83.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0366-1: An update that solves 27 vulnerabilities and has 23 fixes is now available. Category: security (critical) Bug References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1, kernel-zfcpdump-4.12.14-197.105.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.105.1, kernel-livepatch-SLE15-SP1_Update_28-1-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, 
kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.105.1 SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.105.1, kernel-docs-4.12.14-197.105.1, kernel-obs-build-4.12.14-197.105.1, kernel-source-4.12.14-197.105.1, kernel-syms-4.12.14-197.105.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0364-1: An update that solves 14 vulnerabilities and has 29 fixes is now available. Category: security (critical) Bug References: 1065729,1071995,1082555,1163405,1177599,1183405,1184209,1186207,1186222,1187428,1187723,1188605,1190973,1192729,1193096,1193234,1193235,1193242,1193507,1193660,1193669,1193727,1193767,1193861,1193864,1193927,1194001,1194027,1194227,1194302,1194410,1194493,1194516,1194529,1194814,1194880,1194888,1194965,1194985,1195065,1195073,1195254,1195272 CVE References: CVE-2020-28097,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-44733,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.110.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.110.2, kernel-obs-build-4.12.14-122.110.1 SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.110.1, kernel-source-4.12.14-122.110.1, kernel-syms-4.12.14-122.110.1 SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.110.1, kgraft-patch-SLE12-SP5_Update_28-1-8.3.2 SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.110.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available. Category: security (critical) Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482 CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1, kernel-livepatch-SLE15-SP3_Update_14-1-150300.7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. 
If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available. Category: security (critical) Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482 CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.49.1, kernel-64kb-5.3.18-150300.59.49.1, kernel-debug-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-docs-5.3.18-150300.59.49.1, kernel-kvmsmall-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-obs-qa-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1
SUSE-SU-2022:0371-1: An update that solves 27 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 1071995,1124431,1167162,1169514,1172073,1177101,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193507,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195254 CVE References: CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.88.1, kernel-source-4.12.14-95.88.1, kernel-syms-4.12.14-95.88.1 SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.88.1, kgraft-patch-SLE12-SP4_Update_24-1-6.5.1 SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.88.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0372-1: An update that solves 13 vulnerabilities and has 28 fixes is now available. Category: security (critical) Bug References: 1065729,1071995,1082555,1163405,1177599,1183405,1184209,1186207,1186222,1187428,1187723,1188605,1190973,1192729,1193096,1193234,1193235,1193242,1193507,1193660,1193727,1193767,1193861,1193864,1193927,1194027,1194227,1194302,1194410,1194493,1194516,1194529,1194814,1194880,1194888,1194965,1194985,1195065,1195073,1195254,1195272 CVE References: CVE-2020-28097,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4083,CVE-2021-4135,CVE-2021-4197,CVE-2021-4202,CVE-2021-44733,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.88.1, kernel-source-azure-4.12.14-16.88.1, kernel-syms-azure-4.12.14-16.88.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
the upstream commit 9aa422ad326634b76309e8ff342c246800621216 pushed to:
- SLE12-SP5
- SLE15-SP3
- SLE15-SP4
- cve/linux-4.12
- cve/linux-5.3

Reassigning back to security team
SUSE-SU-2022:0543-1: An update that solves 9 vulnerabilities and has 29 fixes is now available. Category: security (critical) Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482 CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.76.1, kernel-rt_debug-5.3.18-150300.76.1, kernel-source-rt-5.3.18-150300.76.1, kernel-syms-rt-5.3.18-150300.76.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.76.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0544-1: An update that solves 6 vulnerabilities and has 11 fixes is now available. Category: security (critical) Bug References: 1177599,1183405,1185377,1187428,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254 CVE References: CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-22942 JIRA References: Sources used: SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-73.1, kernel-rt_debug-5.3.18-73.1, kernel-source-rt-5.3.18-73.1, kernel-syms-rt-5.3.18-73.1 SUSE Linux Enterprise Micro 5.0 (src): kernel-rt-5.3.18-73.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released
SUSE-SU-2022:0555-1: An update that solves 16 vulnerabilities and has 31 fixes is now available.
Category: security (critical)
Bug References: 1065729,1071995,1082555,1163405,1177599,1183405,1184209,1185377,1186207,1186222,1187428,1187723,1188605,1190973,1192729,1193096,1193234,1193235,1193242,1193507,1193660,1193669,1193727,1193767,1193861,1193864,1193867,1193927,1194001,1194027,1194048,1194227,1194302,1194410,1194493,1194516,1194529,1194814,1194880,1194888,1194965,1194985,1195065,1195073,1195254,1195272,1195612
CVE References: CVE-2020-28097,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-44733,CVE-2021-45095,CVE-2022-0322,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942,CVE-2022-24448
JIRA References:
Sources used:
- SUSE Linux Enterprise Real Time Extension 12-SP5 (src): kernel-rt-4.12.14-10.78.1, kernel-rt_debug-4.12.14-10.78.1, kernel-source-rt-4.12.14-10.78.1, kernel-syms-rt-4.12.14-10.78.1
SUSE-SU-2022:0759-1: An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available.
Category: security (important)
Bug References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375
JIRA References: SLE-23652
Sources used:
- SUSE Manager Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.107.1, kernel-livepatch-SLE15-SP2_Update_25-1-5.5.1
- SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
- SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.107.1
- SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE-SU-2022:1039-1: An update that solves 22 vulnerabilities and has 22 fixes is now available.
Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966
JIRA References:
Sources used:
- SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.60.4, kernel-livepatch-SLE15-SP3_Update_16-1-150300.7.5.3
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.60.4
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.60.4, kernel-obs-build-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-syms-5.3.18-150300.59.60.4
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.60.4, kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-zfcpdump-5.3.18-150300.59.60.4
- SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5
- SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.60.4
openSUSE-SU-2022:1039-1: An update that solves 22 vulnerabilities and has 22 fixes is now available.
Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4
- openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.60.4, kernel-64kb-5.3.18-150300.59.60.4, kernel-debug-5.3.18-150300.59.60.4, kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5, kernel-docs-5.3.18-150300.59.60.4, kernel-kvmsmall-5.3.18-150300.59.60.4, kernel-obs-build-5.3.18-150300.59.60.4, kernel-obs-qa-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-syms-5.3.18-150300.59.60.4, kernel-zfcpdump-5.3.18-150300.59.60.4
openSUSE-SU-2022:1037-1: An update that solves 12 vulnerabilities and has 25 fixes is now available.
Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1195211,1195254,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196627,1196723,1196779,1196830,1196836,1196866,1196868
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-44879,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490
JIRA References:
Sources used:
- openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.50.1, kernel-source-azure-5.3.18-150300.38.50.1, kernel-syms-azure-5.3.18-150300.38.50.1
SUSE-SU-2022:1037-1: An update that solves 12 vulnerabilities and has 25 fixes is now available.
Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1195211,1195254,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196627,1196723,1196779,1196830,1196836,1196866,1196868
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-44879,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490
JIRA References:
Sources used:
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.50.1, kernel-source-azure-5.3.18-150300.38.50.1, kernel-syms-azure-5.3.18-150300.38.50.1
SUSE-SU-2022:1197-1: An update that solves 21 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References:
Sources used:
- SUSE Manager Server 4.1 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-150200.24.112.1, kernel-livepatch-SLE15-SP2_Update_26-1-150200.5.5.1
- SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
- SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-150200.24.112.1
- SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.
Category: security (important)
Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748
JIRA References: SLE-23652
Sources used:
- SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1
- SUSE Linux Enterprise Micro 5.0 (src): kernel-rt-5.3.18-150200.79.2
SUSE-SU-2022:1256-1: An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.
Category: security (important)
Bug References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234,SLE-23652
Sources used:
- openSUSE Leap 15.4 (src): kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
- openSUSE Leap 15.3 (src): kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-150100.197.111.1, kernel-livepatch-SLE15-SP1_Update_30-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-150100.197.111.1
- SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
- SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1