Bug 1199507 - (CVE-2022-1729) VUL-0: CVE-2022-1729: kernel-source: kernel/core: race condition in perf_event_open leads to privilege escalation
(CVE-2022-1729)
VUL-0: CVE-2022-1729: kernel-source: kernel/core: race condition in perf_even...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/331771/
CVSSv3.1:SUSE:CVE-2022-1729:8.2:(AV:L...
:
Depends on:
Blocks: 1199697
  Show dependency treegraph
 
Reported: 2022-05-13 08:23 UTC by Gabriele Sonnu
Modified: 2022-08-02 19:18 UTC (History)
8 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 26 Gabriele Sonnu 2022-05-23 07:15:25 UTC
Public now:

Hello,

this is an announcement for a recently reported vulnerability (CVE-2022-1729) in the perf subsystem
of the Linux kernel. The issue is a race condition which was proven to allow for a local privilege
escalation to root on current kernel version >= 5.4.193, but the bug seems to exist since kernel
version 4.0-rc1 (patch fixes the commit to this version).
Fortunately, major Linux distributions often restrict the use of perf for unprivileged users by
setting the sysctl variable kernel.perf_event_paranoid >= 3, effectively rendering the
vulnerability harmless.

The patch can be found at
https://lkml.kernel.org/r/20220520183806.GV2578@worktop.programming.kicks-ass.net

Details
-------

The following syscall order triggers the bug:

1) fd0 = perf_event_open, type PERF_TYPE_TRACEPOINT is created.

Called simultaneously:

2) thread 1: fd1 = perf_event_open, type PERF_TYPE_HARDWARE, group leader fd0
3) thread 2: fd2 = perf_event_open, type PERF_TYPE_SOFTWARE, group leader fd0

4) thread 1: fd1 is of type PERF_TYPE_HARDWARE, and the group leader is of
	type PERF_TYPE_TRACEPOINT. Because fd1 is a hardware event in a software event group,
	the whole group is required to move to a hardware context, so move_group is set to 1.

5) thread 1: fd1 takes the context lock.

6) thread 2: fd2 is of type PERF_TYPE_SOFTWARE, so no group migration is needed and
	move_group is set to 0. This thread *waits* at the lock while it's held by fd1.

7) thread 1: all siblings of fd1 and the group leader fd0 are moved from
	the current software context to a new hardware context.

8) thread 1: creation of fd1 is finished and the lock released.

9) thread 2: fd2 acquires the lock, and it is still attached to the old software context,
	even though its group leader fd0 is attached to the new hardware context.

The following sequence of event closes leaves a dangling pointer in the hardware context:

1) close fd0
2) close fd1
	All of its siblings (fd2 in this case) are attached to a new context.
	Now, fd2 is in two contexts at the same time.
3) close fd2
	The event is removed from its old software context and freed, but a dangling pointer still persists
	in the newer context. For instance, merge_sched_in() can access this freed event when scheduling
	in events for the hardware context, leading to a use-after-free.
Comment 28 Jiri Slaby 2022-05-23 09:58:52 UTC
FTR, merged in upstream now as:
commit 3ac6487e584a1eb54071dbe1212e05b884136704
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri May 20 20:38:06 2022 +0200

    perf: Fix sys_perf_event_open() race against self
Comment 50 Swamp Workflow Management 2022-06-14 22:19:13 UTC
SUSE-SU-2022:2077-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1199012,1199063,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.175.2, kernel-source-4.4.121-92.175.2, kernel-syms-4.4.121-92.175.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 51 Swamp Workflow Management 2022-06-14 22:22:47 UTC
SUSE-SU-2022:2080-1: An update that solves 18 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1162338,1162369,1173871,1188885,1194124,1195612,1195651,1196426,1196570,1197219,1197601,1198438,1198577,1198899,1198989,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199505,1199507,1199526,1199602,1199605,1199606,1199631,1199650,1199671,1199839,1200015,1200045,1200057,1200143,1200144,1200173,1200249
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2021-39711,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-24448,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.100.2, kernel-source-azure-4.12.14-16.100.1, kernel-syms-azure-4.12.14-16.100.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2022-06-14 22:27:25 UTC
SUSE-SU-2022:2082-1: An update that solves 29 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1051510,1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1195651,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1198962,1198997,1199012,1199063,1199314,1199426,1199505,1199507,1199605,1199650,1199785,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.164.3
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2022-06-14 22:32:52 UTC
SUSE-SU-2022:2079-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1152472,1152489,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195612,1195651,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198534,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-24448,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2022-06-14 22:37:44 UTC
SUSE-SU-2022:2078-1: An update that solves 14 vulnerabilities, contains two features and has 32 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-64kb-5.3.18-150300.59.71.2, kernel-debug-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-docs-5.3.18-150300.59.71.2, kernel-kvmsmall-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-obs-qa-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-livepatch-SLE15-SP3_Update_19-1-150300.7.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2022-06-16 19:19:19 UTC
SUSE-SU-2022:2103-1: An update that solves 26 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1071995,1087082,1114648,1158266,1172456,1183723,1187055,1191647,1191958,1195651,1196367,1196426,1197219,1197343,1198400,1198516,1198577,1198687,1198742,1198776,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2019-19377,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2, kernel-zfcpdump-4.12.14-150000.150.92.2
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-livepatch-SLE15_Update_30-1-150000.1.3.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.92.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2022-06-16 19:29:08 UTC
SUSE-SU-2022:2104-1: An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594
JIRA References: SLE-18234
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-livepatch-SLE15-SP2_Update_27-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Swamp Workflow Management 2022-06-17 13:21:07 UTC
SUSE-SU-2022:2111-1: An update that solves 30 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-livepatch-SLE15-SP1_Update_31-1-150100.3.3.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 58 Swamp Workflow Management 2022-06-20 13:20:14 UTC
SUSE-SU-2022:2116-1: An update that solves 17 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1162338,1162369,1173871,1188885,1194124,1195651,1196426,1196570,1197219,1197601,1198438,1198577,1198899,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199505,1199507,1199526,1199602,1199605,1199606,1199631,1199650,1199671,1199839,1200015,1200045,1200057,1200143,1200144,1200173,1200249
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2021-39711,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.124.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.124.2, kernel-obs-build-4.12.14-122.124.3
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.124.3, kernel-source-4.12.14-122.124.2, kernel-syms-4.12.14-122.124.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.124.3, kgraft-patch-SLE12-SP5_Update_32-1-8.3.3
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.124.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Swamp Workflow Management 2022-06-24 16:23:49 UTC
SUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.93.1, kernel-rt_debug-5.3.18-150300.93.1, kernel-source-rt-5.3.18-150300.93.1, kernel-syms-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 73 Swamp Workflow Management 2022-07-14 13:21:22 UTC
SUSE-SU-2022:2393-1: An update that solves 21 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1158266,1162338,1162369,1173871,1177282,1194013,1196901,1198577,1199426,1199487,1199507,1199657,1200059,1200143,1200144,1200249,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-4157,CVE-2022-1184,CVE-2022-1679,CVE-2022-1729,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.102.1, kernel-source-4.12.14-95.102.1, kernel-syms-4.12.14-95.102.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.102.1, kgraft-patch-SLE12-SP4_Update_28-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.102.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 76 Swamp Workflow Management 2022-07-21 22:36:18 UTC
SUSE-SU-2022:2520-1: An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.11.1, kernel-64kb-5.14.21-150400.24.11.1, kernel-debug-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-docs-5.14.21-150400.24.11.1, kernel-kvmsmall-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-obs-qa-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1, kernel-livepatch-SLE15-SP4_Update_1-1-150400.9.5.3
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.11.1, kernel-obs-build-5.14.21-150400.24.11.1, kernel-source-5.14.21-150400.24.11.1, kernel-syms-5.14.21-150400.24.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.11.1, kernel-default-5.14.21-150400.24.11.1, kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6, kernel-source-5.14.21-150400.24.11.1, kernel-zfcpdump-5.14.21-150400.24.11.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 78 Swamp Workflow Management 2022-08-01 13:38:38 UTC
SUSE-SU-2022:2615-1: An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200572,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200815,1200816,1200820,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,150300
CVE References: CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918
JIRA References: SLE-13513,SLE-13521,SLE-15442,SLE-17855,SLE-18194,SLE-18234,SLE-18375,SLE-18377,SLE-18378,SLE-18382,SLE-18385,SLE-18901,SLE-18938,SLE-18978,SLE-19001,SLE-19026,SLE-19242,SLE-19249,SLE-19253,SLE-19924,SLE-21315,SLE-23643,SLE-24072,SLE-24093,SLE-24350,SLE-24549
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.7.1, kernel-source-azure-5.14.21-150400.14.7.1, kernel-syms-azure-5.14.21-150400.14.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 79 Swamp Workflow Management 2022-08-02 19:18:56 UTC
SUSE-SU-2022:2629-1: An update that solves 33 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1024718,1055117,1061840,1065729,1129770,1158266,1177282,1188885,1194013,1194124,1196426,1196570,1196901,1196964,1197170,1197219,1197601,1198438,1198577,1198866,1198899,1199035,1199063,1199237,1199239,1199314,1199399,1199426,1199482,1199487,1199505,1199507,1199526,1199605,1199631,1199650,1199657,1199671,1199839,1200015,1200045,1200143,1200144,1200173,1200249,1200343,1200549,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200762,1200806,1200807,1200809,1200810,1200813,1200820,1200821,1200822,1200829,1200868,1200869,1200870,1200871,1200872,1200873,1200925,1201050,1201080,1201251
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-26341,CVE-2021-33061,CVE-2021-39711,CVE-2021-4157,CVE-2022-1012,CVE-2022-1184,CVE-2022-1652,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1836,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.94.1, kernel-rt_debug-4.12.14-10.94.1, kernel-source-rt-4.12.14-10.94.1, kernel-syms-rt-4.12.14-10.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.