Bug 1199564 - (CVE-2022-20008) VUL-0: CVE-2022-20008: kernel-source-rt,kernel-source-azure,kernel-source: possible to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/331304/
CVSSv3.1:SUSE:CVE-2022-20008:6.2:(AV:...
Reported: 2022-05-16 08:56 UTC by Robert Frohl
Modified: 2023-01-18 17:40 UTC
Found By: Security Response Team
Description Robert Frohl 2022-05-16 08:56:50 UTC
CVE-2022-20008

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap
memory due to uninitialized data. This could lead to local information
disclosure if reading from an SD card that triggers errors, with no additional
execution privileges needed. User interaction is not needed for
exploitation.
Product: Android
Versions: Android kernel
Android ID: A-216481035
References: Upstream kernel

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20008
https://source.android.com/security/bulletin/2022-05-01
Comment 2 Robert Frohl 2022-05-16 09:14:33 UTC
tracking as affected: linux-5.3 and 15-SP4
Comment 3 Takashi Iwai 2022-05-16 09:58:03 UTC
The corresponding upstream commit is 54309fde1a352ad2674ebba004a79f7d20b9f037.
I'll backport to relevant branches.
Comment 4 Takashi Iwai 2022-05-16 10:07:34 UTC
Which CVSS is this?  Whether to merge to SLE15-SP4-GA depends on its score.
Comment 5 Robert Frohl 2022-05-16 11:20:47 UTC
(In reply to Takashi Iwai from comment #4)
> Which CVSS is this?  Whether to merge to SLE15-SP4-GA depends on its score.

gave it a quick rating, should be synced any moment
Comment 6 Takashi Iwai 2022-05-16 11:27:16 UTC
(In reply to Robert Frohl from comment #5)
> (In reply to Takashi Iwai from comment #4)
> > Which CVSS is this?  Whether to merge to SLE15-SP4-GA depends on its score.
> 
> gave it a quick rating, should be synced any moment

OK, for now it's 6.4, so it doesn't qualify for SLE15-SP4-GA.
The fix is already present in SLE15-SP4 branch and I updated the patch reference.

The fix was backported to SLE15-SP3 branch (in my */for-next).

Reassigned back to security team.  If CVSS goes over 7.0, let me know, I'll cherry-pick to SLE15-SP4-GA.
Comment 15 Swamp Workflow Management 2022-06-14 22:32:57 UTC
SUSE-SU-2022:2079-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1152472,1152489,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195612,1195651,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198534,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-24448,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.59.1, kernel-source-azure-5.3.18-150300.38.59.1, kernel-syms-azure-5.3.18-150300.38.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-06-14 22:37:49 UTC
SUSE-SU-2022:2078-1: An update that solves 14 vulnerabilities, contains two features and has 32 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216
CVE References: CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594
JIRA References: SLE-13521,SLE-16387
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.71.1, kernel-64kb-5.3.18-150300.59.71.2, kernel-debug-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-docs-5.3.18-150300.59.71.2, kernel-kvmsmall-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-obs-qa-5.3.18-150300.59.71.1, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-livepatch-SLE15-SP3_Update_19-1-150300.7.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.71.2, kernel-obs-build-5.3.18-150300.59.71.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-syms-5.3.18-150300.59.71.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.71.2, kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2, kernel-preempt-5.3.18-150300.59.71.2, kernel-source-5.3.18-150300.59.71.2, kernel-zfcpdump-5.3.18-150300.59.71.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.71.2, kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.71.2

Comment 20 Swamp Workflow Management 2022-06-24 16:23:53 UTC
SUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.93.1, kernel-rt_debug-5.3.18-150300.93.1, kernel-source-rt-5.3.18-150300.93.1, kernel-syms-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.93.1

Comment 29 Swamp Workflow Management 2022-09-01 14:20:34 UTC
openSUSE-SU-2022:2177-1: An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1177282,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199365,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200015,1200019,1200045,1200046,1200143,1200144,1200192,1200206,1200207,1200216,1200249,1200259,1200263,1200529,1200549,1200604
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-20008,CVE-2022-20141,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594,CVE-2022-32250
JIRA References: SLE-13521,SLE-16387,SLE-8371
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.93.1
Comment 30 Thomas Leroy 2022-09-14 09:57:38 UTC
It seems that SLE15-SP2-LTSS branch didn't get the fix. Takashi, could you please add the patch there? :)
Comment 31 Takashi Iwai 2022-09-14 10:17:38 UTC
My bad, the following branches missed the fix:
- SLE15-SP2-LTSS
- SLE15-SP1-LTSS
- SLE12-SP5

For SLE15-SP2-LTSS, I backported to cve/linux-5.3.
For SLE15-SP1-LTSS and SLE12-SP5, backported to each one, respectively, since cve/linux-4.4 doesn't contain the mmc blk-q support yet.
Comment 43 Swamp Workflow Management 2022-10-14 13:32:45 UTC
SUSE-SU-2022:3587-1: An update that solves 8 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1124235,1129770,1154048,1190317,1199564,1201309,1202097,1202385,1202677,1202960,1203098,1203107,1203410,1203424,1203462,1203552,1203769,1203935,1203987
CVE References: CVE-2022-20008,CVE-2022-2503,CVE-2022-2663,CVE-2022-3239,CVE-2022-3303,CVE-2022-39188,CVE-2022-41218,CVE-2022-41848
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.136.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.136.1, kernel-obs-build-4.12.14-122.136.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.136.1, kernel-source-4.12.14-122.136.1, kernel-syms-4.12.14-122.136.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.136.1, kgraft-patch-SLE12-SP5_Update_36-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.136.1

Comment 44 Swamp Workflow Management 2022-10-14 13:34:47 UTC
SUSE-SU-2022:3584-1: An update that solves 8 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1124235,1129770,1154048,1190317,1199564,1201309,1202097,1202385,1202677,1202960,1203098,1203107,1203410,1203424,1203462,1203552,1203769,1203933,1203935,1203987
CVE References: CVE-2022-20008,CVE-2022-2503,CVE-2022-2663,CVE-2022-3239,CVE-2022-3303,CVE-2022-39188,CVE-2022-41218,CVE-2022-41848
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.112.1, kernel-source-azure-4.12.14-16.112.1, kernel-syms-azure-4.12.14-16.112.1

Comment 48 Swamp Workflow Management 2022-10-22 13:19:40 UTC
SUSE-SU-2022:3693-1: An update that solves 7 vulnerabilities, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1199564,1200288,1201309,1202677,1202960,1203552,1203769,1203987
CVE References: CVE-2022-20008,CVE-2022-2503,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-41218,CVE-2022-41848
JIRA References: PED-529
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.126.1, kernel-default-4.12.14-150100.197.126.1, kernel-kvmsmall-4.12.14-150100.197.126.1, kernel-vanilla-4.12.14-150100.197.126.1, kernel-zfcpdump-4.12.14-150100.197.126.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.126.1, kernel-default-4.12.14-150100.197.126.1, kernel-kvmsmall-4.12.14-150100.197.126.1, kernel-vanilla-4.12.14-150100.197.126.1, kernel-zfcpdump-4.12.14-150100.197.126.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1, kernel-zfcpdump-4.12.14-150100.197.126.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.126.1, kernel-livepatch-SLE15-SP1_Update_35-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.126.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.126.1, kernel-docs-4.12.14-150100.197.126.1, kernel-obs-build-4.12.14-150100.197.126.1, kernel-source-4.12.14-150100.197.126.1, kernel-syms-4.12.14-150100.197.126.1

Comment 50 Swamp Workflow Management 2022-10-24 16:21:26 UTC
SUSE-SU-2022:3704-1: An update that solves 15 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1177471,1199564,1200288,1201309,1201310,1202095,1202385,1202677,1202960,1203552,1203622,1203769,1203770,1203987,1203992,1204051,1204059,1204060
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721
JIRA References: PED-529
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-livepatch-SLE15-SP2_Update_31-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1

Comment 51 Swamp Workflow Management 2022-10-26 14:13:32 UTC
SUSE-SU-2022:3775-1: An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available.

Category: security (important)
Bug References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.98.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.98.1, kernel-64kb-5.3.18-150300.59.98.1, kernel-debug-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-docs-5.3.18-150300.59.98.1, kernel-kvmsmall-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-obs-qa-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-livepatch-SLE15-SP3_Update_25-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1

Comment 52 Swamp Workflow Management 2022-10-31 14:36:08 UTC
SUSE-SU-2022:3810-1: An update that solves 10 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1032323,1124235,1129770,1154048,1190317,1199564,1201309,1202385,1202677,1202960,1203142,1203198,1203254,1203290,1203322,1203410,1203424,1203462,1203514,1203552,1203769,1203802,1203935,1203987,1204166
CVE References: CVE-2022-20008,CVE-2022-2503,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-3424,CVE-2022-40307,CVE-2022-40768,CVE-2022-41218,CVE-2022-41848
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.103.1, kernel-rt_debug-4.12.14-10.103.1, kernel-source-rt-4.12.14-10.103.1, kernel-syms-rt-4.12.14-10.103.1
