Bug 1197227 - (CVE-2022-1015) VUL-0: CVE-2022-1015,CVE-2022-1016: kernel-source: Vulnerability in nf_tables can cause privilege escalation
(CVE-2022-1015)
VUL-0: CVE-2022-1015,CVE-2022-1016: kernel-source: Vulnerability in nf_tables...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/326549/
CVSSv3.1:SUSE:CVE-2022-1015:7.8:(AV:L...
:
Depends on:
Blocks: 1197335
  Show dependency treegraph
 
Reported: 2022-03-17 13:19 UTC by Gianluca Gabrielli
Modified: 2022-08-01 13:32 UTC (History)
7 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Proposed patch 1/2 (1008 bytes, patch)
2022-03-17 13:22 UTC, Gianluca Gabrielli
Details | Diff
Proposed patch 2/2 (2.22 KB, patch)
2022-03-17 13:22 UTC, Gianluca Gabrielli
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2022-03-17 13:19:40 UTC
From private linux-distros ML
-----------------------------

Hello, I'm mailing to report a vulnerability I found in nf_tables component
of the netfilter subsystem. The vulnerability gives an attacker a powerful
primitive that can be used to both read from and write to relative stack
data. This can lead to arbitrary code execution by an attacker.

In order for an unprivileged attacker to exploit this issue, unprivileged
user- and network namespaces access is required (CLONE_NEWUSER |
CLONE_NEWNET). The bug relies on a compiler optimization that introduces
behavior that the maintainer did not account for, and most likely only
occurs on kernels with `CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y`. I
successfully exploited the bug on x86_64 kernel version 5.16-rc3, but I
believe this vulnerability exists across different kernel versions and
architectures (more on this later).

Without further ado:

The bug resides in `linux/net/netfilter/nf_tables_api.c`, in the
`nft_validate_register_store` and `nft_validate_register_load` routines.
These routines are used to check if nft expression parameters supplied by
the user are sound and won't cause OOB stack accesses when evaluating the
expression.

From my 5.16-rc3 kernel source (d58071a8a76d779eedab38033ae4c821c30295a5:
Linux 5.16-rc3):

nft_validate_register_store:

```
static int nft_validate_register_store(const struct nft_ctx *ctx,
      enum nft_registers reg,
      const struct nft_data *data,
      enum nft_data_types type,
      unsigned int len)
{
int err;

switch (reg) {
        ...
default:
if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
return -EINVAL;
if (len == 0)
return -EINVAL;
if (reg * NFT_REG32_SIZE + len >
   sizeof_field(struct nft_regs, data))
return -ERANGE;

if (data != NULL && type != NFT_DATA_VALUE)
return -EINVAL;
return 0;
}
}
```

nft_validate_register_load:

```
static int nft_validate_register_load(enum nft_registers reg, unsigned int
len)
{
if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
return -EINVAL;
if (len == 0)
return -EINVAL;
if (reg * NFT_REG32_SIZE + len > sizeof_field(struct nft_regs, data))
return -ERANGE;

return 0;
}
```

The problem lies in the fact that `enum nft_registers reg` is not
guaranteed only be a single byte. As per the C89 specification, 3.1.3.3
Enumeration constants: `An identifier declared as an enumeration constant
has type int.`.

Effectively this implies that the compiler is free to emit code that
operates on `reg` as if it were a 32-bit value. If this is the case (and it
is on the kernel I tested), a user can forge an expression register value
that will overflow upon multiplication with `NFT_REG32_SIZE` (4) and upon
addition with `len`, will be a value smaller than `sizeof_field(struct
nft_regs, data)` (0x50). Once this check passes, the least significant byte
of `reg` can still contain a value that will index outside of the bounds of
the `struct nft_regs regs` that it will later be used with.

Take for example a `reg` value of `0xfffffff8` and a `len` value of `0x40`.
The expression `reg * 4 + len` will then result in `0xffffffe0 + 0x40 =
0x20`, which is lower than `0x50`. This makes that a value of `0xf8` is
recognized as a valid index, and is subsequently assigned to a register
value in the expression info structs.


Here is a snippet of the x86_64 assembly code that these functions might
generate:

```
Disassembly of section .text:

0000000000002ed0 <nft_validate_register_store>:
    2ed0: e8 00 00 00 00       callq  2ed5 <nft_validate_register_store+0x5>
    2ed5: 55                   push   %rbp
    2ed6: 48 89 e5             mov    %rsp,%rbp
    2ed9: 41 54                 push   %r12
    2edb: 85 f6                 test   %esi,%esi
    2edd: 75 2b                 jne    2f0a
<nft_validate_register_store+0x3a>
    2edf: 81 f9 00 ff ff ff     cmp    $0xffffff00,%ecx
    2ee5: 75 49                 jne    2f30
<nft_validate_register_store+0x60>
    2ee7: 45 31 e4             xor    %r12d,%r12d
    2eea: 48 85 d2             test   %rdx,%rdx
    2eed: 74 3a                 je     2f29
<nft_validate_register_store+0x59>
    2eef: 8b 02                 mov    (%rdx),%eax
    2ef1: 83 c0 04             add    $0x4,%eax
    2ef4: 83 f8 01             cmp    $0x1,%eax
    2ef7: 77 30                 ja     2f29
<nft_validate_register_store+0x59>
    2ef9: 48 8b 72 08           mov    0x8(%rdx),%rsi
    2efd: e8 7e da ff ff       callq  980 <nf_tables_check_loops>
    2f02: 85 c0                 test   %eax,%eax
    2f04: 44 0f 4e e0           cmovle %eax,%r12d
    2f08: eb 1f                 jmp    2f29
<nft_validate_register_store+0x59>
    2f0a: 83 fe 03             cmp    $0x3,%esi
    2f0d: 76 21                 jbe    2f30
<nft_validate_register_store+0x60>
    2f0f: 45 85 c0             test   %r8d,%r8d
    2f12: 74 1c                 je     2f30
<nft_validate_register_store+0x60>
    2f14: 41 8d 04 b0           lea    (%r8,%rsi,4),%eax
    2f18: 83 f8 50             cmp    $0x50,%eax
    2f1b: 77 1b                 ja     2f38
<nft_validate_register_store+0x68>
    2f1d: 48 85 d2             test   %rdx,%rdx
    2f20: 74 04                 je     2f26
<nft_validate_register_store+0x56>
    2f22: 85 c9                 test   %ecx,%ecx
    2f24: 75 0a                 jne    2f30
<nft_validate_register_store+0x60>
    2f26: 45 31 e4             xor    %r12d,%r12d
    2f29: 44 89 e0             mov    %r12d,%eax
    2f2c: 41 5c                 pop    %r12
    2f2e: 5d                   pop    %rbp
    2f2f: c3                   retq
    2f30: 41 bc ea ff ff ff     mov    $0xffffffea,%r12d
    2f36: eb f1                 jmp    2f29
<nft_validate_register_store+0x59>
    2f38: 41 bc de ff ff ff     mov    $0xffffffde,%r12d
    2f3e: eb e9                 jmp    2f29
<nft_validate_register_store+0x59>
```

the `lea` instruction at `2f14` will multiply `%rsi` (reg) by 4 and add
`%r8` len to it.

I created a working local privilege escalation exploit by using such an out
of bounds index to copy stack data to the actual register area (declared in
nf_tables_core.c:nft_do_chain). Then, I wrote a a few nft rules that drop
or accept packets depending on whether the targeted byte is greater than
the constant comparand in the rule or not. In this way I could create a
binary search procedure that could determine the value of the leaked byte
by registering whether the packet was dropped or not. This results in a
kernel address leak.

Finally, I used a nft payload expression to write my arbitrary data
supplied in a packet to the stack in order to overwrite a return address
and execute a ROP chain.

An alternative exploitation strategy would be to overwrite to verdict
register (including its chain pointer) to arbitrary values, as you can now
get an register index of 0 in the same manner.


My proposed fix is to change the `enum nft_registers reg` function argument
in both routines to `u8 nft_registers reg`. If it is desired to keep the
enum type in the argument list, explicitly downcast `reg` to a u8.

I have some difficulties determining which kernel versions are vulnerable,
practically speaking. Whether the compiler actually produces vulnerable
code, and whether the routines are actually called with a 32-bit argument
depends on compiler version, kernel config, target archicteture, etc. I've
tried locating the commit where this bug was first introduced (regardless
of its exploitability), but some help with this would be greatly
appreciated (`git bisect` seems to take *abnormally* long on my machine).

For now, I would like to propose **2022-03-25 17:00 PDT** (friday) as a
tentative disclosure date. I will request a CVE number in the coming days
(I am supposed to do this myself, right?)

If you have any questions or requests, be sure to let me know,

Regards,

David Bouman (dbouman03@gmail.com)

N.B I noticed that in net/netfilter/nf_tables_core.c:nft_do_chain, the
`struct nft_regs regs;` declaration is never properly initialized. I am
almost 100% positive you can use this to leak kernel pointers in the same
way as described in this report. Do I create a seperate parent mail for
this, or will you handle it in here?
Comment 2 Gianluca Gabrielli 2022-03-17 13:22:20 UTC
Created attachment 857133 [details]
Proposed patch 1/2

Please keep in mind that this patch should still be under review
Comment 3 Gianluca Gabrielli 2022-03-17 13:22:39 UTC
Created attachment 857134 [details]
Proposed patch 2/2

Please keep in mind that this patch should still be under review
Comment 4 Gianluca Gabrielli 2022-03-17 13:23:52 UTC
According to the reporter, the offending commit is 49499c3e6e18b7677a63316f3ff54a16533dc28f.

Therefore the following security-related branches are affected:
        SLE12-SP5
        SLE15-SP3
        SLE15-SP4
        SLE15-SP4-GA
        cve/linux-4.12
        cve/linux-4.4
        cve/linux-5.3
        stable
Comment 5 Gianluca Gabrielli 2022-03-18 10:20:15 UTC
Within the email 3d the two following fixing commits have been pointed out, but still not merged in mainline:
 - https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=4c905f6740a365464e91467aa50916555b28213d
 - https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=6e1acfa387b9ff82cfc7db8cc3b6959221a95851
Comment 8 Marcus Meissner 2022-03-19 11:27:42 UTC
2 cves assigned:

CVE-2022-1015: OOB indexing bug in nft_validate_register_load and nft_validate_register_store leads to out-of-bounds register indexing, can cause arbitrary code execution

CVE-2022-1016: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM.
Comment 9 Marcus Meissner 2022-03-19 11:28:58 UTC
A proposed embargo end date was set:
CRD: 2022-03-28

(just the 14 days default expiry of distros)

But it currently looks like the kernel folks might even want it earlier, e.g. in 5.17 release this sunday?
Comment 10 Gianluca Gabrielli 2022-03-28 10:57:01 UTC
CVE-2022-1015 is only exploitable if commit 345023b0db31 (v5.12) exists.
Comment 11 Gianluca Gabrielli 2022-03-28 10:57:44 UTC
*** Bug 1197335 has been marked as a duplicate of this bug. ***
Comment 12 Gianluca Gabrielli 2022-03-28 11:01:18 UTC
(In reply to Gianluca Gabrielli from comment #5)
> Within the email 3d the two following fixing commits have been pointed out,
> but still not merged in mainline:
>  -
> https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/
> ?id=4c905f6740a365464e91467aa50916555b28213d
>  -
> https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/
> ?id=6e1acfa387b9ff82cfc7db8cc3b6959221a95851

They both hit the Linus tree. The official vuln publication should be done later today, let's keep it under embargo until then.
Comment 15 Gianluca Gabrielli 2022-03-31 09:04:54 UTC
(In reply to Gianluca Gabrielli from comment #10)
> CVE-2022-1015 is only exploitable if commit 345023b0db31 (v5.12) exists.

Am I wrong if I say that 345023b0db31 is not present in cve/linux-4.4, therefore this branch is not vulnerable?
Comment 16 Michal Kubeček 2022-03-31 09:19:33 UTC
As far as I can see, mainline commit 345023b0db31 ("netfilter: nftables: add
nft_parse_register_store() and use it") has not been backported into any of
our pre-5.12 branches. However, I'm not so sure this is where the bug was
introduced as this commit seems to only combine two helper functions into one.
Comment 17 Gianluca Gabrielli 2022-03-31 11:00:57 UTC
As I said before, the offending commit is 49499c3e6e18b7677a63316f3ff54a16533dc28f, where the bug was introduced.

(In reply to Gianluca Gabrielli from comment #4)
> According to the reporter, the offending commit is
> 49499c3e6e18b7677a63316f3ff54a16533dc28f.

(In reply to Michal Kubeček from comment #16)
> As far as I can see, mainline commit 345023b0db31 ("netfilter: nftables: add
> nft_parse_register_store() and use it") has not been backported into any of
> our pre-5.12 branches. However, I'm not so sure this is where the bug was
> introduced as this commit seems to only combine two helper functions into
> one.

but 345023b0db31 seems to be needed to exploit the bug, and (you are right) this commit is only present in:
 - SLE15-SP4 
 - SLE15-SP4-GA
 - stable

So, my new guess it that only these branches are vulnerable. Could you confirm it?
Comment 18 Michal Kubeček 2022-04-04 22:35:38 UTC
(In reply to Gianluca Gabrielli from comment #10)
> CVE-2022-1015 is only exploitable if commit 345023b0db31 (v5.12) exists.

(In reply to Gianluca Gabrielli from comment #17)
> but 345023b0db31 seems to be needed to exploit the bug

Where does this information come from? I went through the description again
and I still don't see why the same couldn't be done before mainline commit
345023b0db31. The combined helper does the same as the original code and
while the type of dreg member in struct nft_bitwise and struct nft_byteorder
changed from an 8-bit bitfield to a u8, assigning a 32-bit value to either
of them results in the same code.
Comment 19 Gianluca Gabrielli 2022-04-05 08:38:33 UTC
it's coming from the 3d in the private linux-distros ML:

Thadeu Lima de Souza Cascardo wrote:
> On Thu, Mar 17, 2022 at 03:08:11AM +0100, David wrote:
>> Hello, I'm mailing to report a vulnerability I found in nf_tables component
>> My proposed fix is to change the `enum nft_registers reg` function argument
>> in both routines to `u8 nft_registers reg`. If it is desired to keep the
>> enum type in the argument list, explicitly downcast `reg` to a u8.
>>
>> I have some difficulties determining which kernel versions are vulnerable,
>> practically speaking. Whether the compiler actually produces vulnerable
>> code, and whether the routines are actually called with a 32-bit argument
>> depends on compiler version, kernel config, target archicteture, etc. I've
>> tried locating the commit where this bug was first introduced (regardless
>> of its exploitability), but some help with this would be greatly
>> appreciated (`git bisect` seems to take*abnormally*  long on my machine).
>>
> Perhaps, the following commit is required for the attack to work. Would
> you be able to confirm that, perhaps, by testing a kernel built at that
> commit, and then, at the previous commit?
> 
> 345023b0db315648ccc3c1a36aee88304a8b4d91 ("netfilter: nftables: add
> nft_parse_register_store() and use it")
> 
> My thinking here is that as callers to nft_validate_register_store have
> already limited reg to u8, the values one can use for the netlink
> attributes are very limited, whereas after that commit, many different
> values can be used, as the limit to dreg is to a u32 value.

and

David Bouman wrote:
> On 25-03-2022 18:13, Tyler Hicks wrote:
>> I think it would be good to wait until Monday to do the oss-security
>> posting and also, hopefully, allow David to include the exploitable
>> kernel versions in the post.
> I went ahead and ran some tests on different kernel versions. I can
> verify that yes, CVE-2022-1015 is only exploitable from v5.12 commit
> 345023b0db31. Thadeu's assertion was correct.

@Michal, would you agree?
Comment 30 Nicolai Stange 2022-04-07 07:45:28 UTC
(In reply to Gianluca Gabrielli from comment #19)

> > David Bouman wrote:
> > On 25-03-2022 18:13, Tyler Hicks wrote:
> >> I think it would be good to wait until Monday to do the oss-security
> >> posting and also, hopefully, allow David to include the exploitable
> >> kernel versions in the post.
> > I went ahead and ran some tests on different kernel versions. I can
> > verify that yes, CVE-2022-1015 is only exploitable from v5.12 commit
> > 345023b0db31. Thadeu's assertion was correct.
> 
> @Michal, would you agree?

Not being Michal, but to have a statement to refer to from the livepatching bsc# clone: I for my part do agree that 345023b0db31 is needed for the kernel being vulnerable to the CVE-2022-1015 OOB store issue. The vulnerability comes from a possible integer overflow involving the 'reg' enum (== int effectively) argument to nft_validate_register_store(). Before 345023b0db31, all callers of nft_validate_register_store() had some open coded sequence like

  priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]);
  err = nft_validate_register_store(..., priv->dreg, ...);

where priv->dreg is 8 bits wide (I verified that for all possible priv's and all kernels under active livepatching support). So the 'reg' argument to nft_validate_register_store() had been guaranteed to be < 256 in practice and the reported integer overflow did not exist.

With 345023b0db31 though, these open-coded sites have been replaced by the new nft_parse_register_store() wrapper around nft_parse_register() + nft_validate_register_store(), which more or less looks like this:

  int nft_parse_register_store(..., const struct nlattr *attr, u8 *dreg, ...)
  {
        int err;
        u32 reg;
 
        reg = nft_parse_register(attr);
        err = nft_validate_register_store(..., reg, ...);
        if (err < 0)
                return err;
 
        *dreg = reg;
        return 0;
  }

Note how the reg passed on to nft_validate_register_store() can be any u32 value now. The subsequent assignment to the u8 ->dreg at the end of the function won't help much, it only restricts the OOB range to indices < 256.

So yes, AFAICT 345023b0db31 from v5.12 is a prerequisite for the CVE-2022-1015 OOB store issue and we don't have that backported to SLE15-SP3 and earlier. => only 15-SP4 and stable affected. For completeness, the original report mentions an information leak involving nft_parse_register_load(). This one had been introduced with 4f16d25c68ec, which is in analogy to (and the immediate parent of ) 345023b0db31, but handles the load side. We don't have that backported either to SLE15-SP3 and earlier.
Comment 39 Swamp Workflow Management 2022-04-12 16:25:56 UTC
SUSE-SU-2022:1163-1: An update that solves 25 vulnerabilities and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194589,1194625,1194649,1194943,1195051,1195353,1195640,1195926,1196018,1196130,1196196,1196478,1196488,1196761,1196823,1196956,1197227,1197243,1197245,1197300,1197302,1197331,1197343,1197366,1197389,1197460,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-39698,CVE-2021-45402,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-27223,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2022-04-13 19:22:08 UTC
SUSE-SU-2022:1183-1: An update that solves 15 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1197914,1198027,1198028,1198029,1198030,1198031,1198032,1198033
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-64kb-5.3.18-150300.59.63.1, kernel-debug-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-docs-5.3.18-150300.59.63.1, kernel-kvmsmall-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-obs-qa-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-livepatch-SLE15-SP3_Update_17-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2022-04-14 10:23:48 UTC
SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Swamp Workflow Management 2022-04-14 13:22:10 UTC
SUSE-SU-2022:1197-1: An update that solves 21 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-livepatch-SLE15-SP2_Update_26-1-150200.5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2022-04-19 13:25:24 UTC
SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748
JIRA References: SLE-23652
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-rt-5.3.18-150200.79.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Swamp Workflow Management 2022-04-19 13:30:13 UTC
SUSE-SU-2022:1255-1: An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1189562,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197131,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-0886,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1, kernel-zfcpdump-4.12.14-150000.150.89.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-livepatch-SLE15_Update_29-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2022-04-19 13:34:57 UTC
SUSE-SU-2022:1256-1: An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.

Category: security (important)
Bug References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234,SLE-23652
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-livepatch-SLE15-SP1_Update_30-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2022-04-19 16:29:35 UTC
SUSE-SU-2022:1266-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.94.1, kernel-source-azure-4.12.14-16.94.1, kernel-syms-azure-4.12.14-16.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Swamp Workflow Management 2022-04-19 16:33:48 UTC
SUSE-SU-2022:1267-1: An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1180153,1189562,1193738,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196573,1196639,1196761,1196830,1196836,1196942,1196973,1197211,1197227,1197331,1197366,1197391,1197462,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kgraft-patch-SLE12-SP4_Update_26-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2022-04-20 10:23:01 UTC
SUSE-SU-2022:1270-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1189562,1196018,1196488,1196761,1196830,1196836,1197227,1197331,1197366
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.161.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.161.1, kernel-source-4.4.180-94.161.1, kernel-syms-4.4.180-94.161.1, kgraft-patch-SLE12-SP3_Update_44-1-4.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2022-04-20 16:21:40 UTC
SUSE-SU-2022:1283-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1189562,1196018,1196488,1196761,1196830,1196836,1197227,1197331,1197366
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.172.1, kernel-source-4.4.121-92.172.1, kernel-syms-4.4.121-92.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Michal Kubeček 2022-04-22 18:24:30 UTC
OK, I'm convinced now. We are done here, then:

CVE-2022-1015 (privilege escalation) only affects SLE15-SP4 (fix submitted
against SLE15-SP4-GA) and stable (fix acquired with 5.17.1 stable update).

CVE-2022-1016 (information leak) has the fix submitted against SLE15-SP4 and
present in all relevant 5.3, 4.12 and 4.4 based branches (and also the April
round of maintenance updates). Older branches are not affected as first part
of nftables code was introduced in 3.13-rc1.

Reassigning to security team.
Comment 53 Swamp Workflow Management 2022-04-26 10:22:50 UTC
SUSE-SU-2022:1402-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.84.1, kernel-rt_debug-4.12.14-10.84.1, kernel-source-rt-4.12.14-10.84.1, kernel-syms-rt-4.12.14-10.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2022-04-26 16:21:10 UTC
SUSE-SU-2022:1407-1: An update that solves 15 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194625,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.85.1, kernel-rt_debug-5.3.18-150300.85.1, kernel-source-rt-5.3.18-150300.85.1, kernel-syms-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Gabriele Sonnu 2022-05-11 13:04:58 UTC
Done.
Comment 72 Swamp Workflow Management 2022-07-21 22:30:16 UTC
SUSE-SU-2022:2520-1: An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.11.1, kernel-64kb-5.14.21-150400.24.11.1, kernel-debug-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-docs-5.14.21-150400.24.11.1, kernel-kvmsmall-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-obs-qa-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1, kernel-livepatch-SLE15-SP4_Update_1-1-150400.9.5.3
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-source-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 74 Swamp Workflow Management 2022-08-01 13:32:02 UTC
SUSE-SU-2022:2615-1: An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200572,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200815,1200816,1200820,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,150300
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.