Bug 1200598 - (CVE-2022-20166) VUL-0: CVE-2022-20166: kernel-source-rt,kernel-source,kernel-source-azure: possible out of bounds write due to sprintf unsafety
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/334765/
CVSSv3.1:SUSE:CVE-2022-20166:6.1:(AV:...
Reported: 2022-06-16 09:21 UTC by Carlos López
Modified: 2022-10-20 11:39 UTC (History)
Found By: Security Response Team
Description Carlos López 2022-06-16 09:21:37 UTC
CVE-2022-20166

In various methods of kernel base drivers, there is a possible out of bounds
write due to a heap buffer overflow. This could lead to local escalation of
privilege with System execution privileges needed. User interaction is not
needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-182388481
References: Upstream kernel

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20166
https://source.android.com/security/bulletin/pixel/2022-06-01
Comment 1 Carlos López 2022-06-16 09:40:20 UTC
Upstream fix:
https://github.com/torvalds/linux/commit/aa838896d87af561a33ecefea1caa4c15a68bc47

Cherrypicked Android fix:
https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/

Android just patches the calls in drivers/base/power/wakeup_stats.c, which are also not fixed in cve/linux-5.3. There are instances of different unpatched s(n)printf calls going back to cve/linux-4.4. There are similar calls in cve/linux-3.0, perhaps it's worth backporting there as well.

SLE15-SP4 and newer already contain the upstream fix.

FTR I'm not sure why Android only fixed a subset of these calls.
Comment 4 Petr Mladek 2022-07-22 10:53:52 UTC
I have started working on it. It is more complicated than I thought.

The commit https://github.com/torvalds/linux/commit/aa838896d87af561a33ecefea1caa4c15a68bc47
is just one piece of a bigger series that fixed sysfs _show() callbacks
on many other locations.

I have backported the entire series for 5.3 but it was a lot of work
and it broke KABI.

Most of the changes are not actually needed because most sysfs
files show only some well defined short string and never overflow
PAGE_SIZE.

I am going to revisit it and probably backport only the parts
where _show() callback might eventually overflow PAGE_SIZE.
Comment 5 Petr Mladek 2022-07-28 11:14:38 UTC
I took the following upstream commits:

+ 2efc459d06f1630001e3984854848a5647086232 ("sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output")
+ aa838896d87af561a33ecefea1caa4c15a68bc47 ("drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions")
+ 973c39115cb308b6b1fe64b4f342996f3eef06d0 ("drivers core: Remove strcat uses around sysfs_emit and neaten")
+ 948b3edba8988306b635578a72b0dab6091a5eb0 ("drivers core: Miscellaneous changes for sysfs_emit")
+ 7981593bf083801035b1f1377661849805acb216 ("mm: and drivers core: Convert hugetlb_report_node_meminfo to sysfs_emit")

Removed changes that did not fix any security problems. The more
secure API is not strictly needed when the PAGE_SIZE buffer could
never overflow, for example, it is used to show a single integer
or hardcoded string. Also I removed many pure clean up changes.

I have pushed it into all CVE branches cve/linux-3.0.

Reassigning back to the security team for further tracking.
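
An added example, not code from this bug report or from the kernel tree: a userspace C model of the bounded formatting that sysfs_emit_at() provides, applied to a hypothetical list-style _show() callback, the case where output can exceed PAGE_SIZE. MODEL_PAGE_SIZE, model_sysfs_emit_at(), the entry format and both show helpers are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096	/* assumption: 4 KiB page, as on x86-64 */

/*
 * Userspace model of sysfs_emit_at(): never writes past the page and
 * returns the number of characters actually stored (excluding the NUL).
 * The kernel helper additionally WARNs and checks that buf is page-aligned.
 */
static int model_sysfs_emit_at(char *buf, int at, const char *fmt, ...)
{
	va_list args;
	int room, len;

	if (!buf || at < 0 || at >= MODEL_PAGE_SIZE)
		return 0;

	room = MODEL_PAGE_SIZE - at;
	va_start(args, fmt);
	len = vsnprintf(buf + at, (size_t)room, fmt, args);
	va_end(args);
	if (len < 0)
		return 0;

	/* vscnprintf() semantics: report what fit, not what was wanted */
	return len >= room ? room - 1 : len;
}

/*
 * Bytes an unbounded "len += sprintf(buf + len, ...)" loop would write
 * for n list entries. Measured with a NULL destination, nothing is stored.
 */
static size_t unbounded_show_len(int n)
{
	size_t len = 0;

	for (int i = 0; i < n; i++)
		len += (size_t)snprintf(NULL, 0, "entry%04d: active\n", i);
	return len;
}

/* Hypothetical list-style _show() callback using the bounded helper. */
static int bounded_show(char *page, int n)
{
	int len = 0;

	for (int i = 0; i < n; i++)
		len += model_sysfs_emit_at(page, len, "entry%04d: active\n", i);
	return len;
}

int main(void)
{
	char *page = malloc(MODEL_PAGE_SIZE);

	if (!page)
		return 1;
	printf("unbounded loop needs %zu bytes, page holds %d\n",
	       unbounded_show_len(300), MODEL_PAGE_SIZE);
	printf("bounded loop stored %d bytes\n", bounded_show(page, 300));
	printf("short output stored %d bytes\n", bounded_show(page, 10));
	free(page);
	return 0;
}
```

With 10 entries both variants produce the same 180 bytes, which is why a callback that prints one integer or a fixed string gains nothing from the conversion; only the 300-entry case differs.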
Comment 15 Swamp Workflow Management 2022-08-09 16:17:32 UTC
SUSE-SU-2022:2721-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201742,1201752,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.181.1, kernel-source-4.4.121-92.181.1, kernel-syms-4.4.121-92.181.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-08-09 16:19:39 UTC
SUSE-SU-2022:2720-1: An update that solves 7 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201742,1201752,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.106.1, kernel-source-azure-4.12.14-16.106.1, kernel-syms-azure-4.12.14-16.106.1

Comment 17 Swamp Workflow Management 2022-08-09 16:22:07 UTC
SUSE-SU-2022:2723-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201050,1201429,1201635,1201636,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1, kernel-zfcpdump-4.12.14-150000.150.98.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-livepatch-SLE15_Update_32-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.98.1

Comment 18 Swamp Workflow Management 2022-08-09 16:25:41 UTC
SUSE-SU-2022:2719-1: An update that solves 7 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.130.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.130.2, kernel-obs-build-4.12.14-122.130.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kernel-source-4.12.14-122.130.1, kernel-syms-4.12.14-122.130.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kgraft-patch-SLE12-SP5_Update_34-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.130.1

Comment 19 Swamp Workflow Management 2022-08-10 13:17:44 UTC
SUSE-SU-2022:2741-1: An update that solves 16 vulnerabilities, contains one feature and has 15 fixes is now available.

Category: security (important)
Bug References: 1178134,1198829,1199364,1199647,1199665,1199670,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1

Comment 21 Swamp Workflow Management 2022-08-16 19:16:26 UTC
SUSE-SU-2022:2827-1: An update that solves 7 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201429,1201635,1201636,1201644,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-livepatch-SLE15-SP1_Update_33-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1

Comment 22 Swamp Workflow Management 2022-08-18 13:16:46 UTC
SUSE-SU-2022:2840-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.171.1, kernel-source-4.4.180-94.171.1, kernel-syms-4.4.180-94.171.1

Comment 25 Swamp Workflow Management 2022-08-23 16:20:55 UTC
SUSE-SU-2022:2875-1: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.90.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.90.1, kernel-64kb-5.3.18-150300.59.90.1, kernel-debug-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-docs-5.3.18-150300.59.90.1, kernel-kvmsmall-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-obs-qa-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-livepatch-SLE15-SP3_Update_23-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1

Comment 26 Swamp Workflow Management 2022-08-25 13:21:14 UTC
SUSE-SU-2022:2892-1: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.99.1, kernel-rt_debug-5.3.18-150300.99.1, kernel-source-rt-5.3.18-150300.99.1, kernel-syms-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.99.1

Comment 27 Swamp Workflow Management 2022-08-26 13:17:38 UTC
SUSE-SU-2022:2910-1: An update that solves 10 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1065729,1103269,1114648,1190812,1195775,1195926,1196616,1196867,1198484,1198829,1199665,1199695,1200442,1200598,1200644,1200651,1200910,1201019,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201705,1201742,1201752,1201930,1201940,1201941,1201954,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-2639,CVE-2022-29581,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.97.1, kernel-rt_debug-4.12.14-10.97.1, kernel-source-rt-4.12.14-10.97.1, kernel-syms-rt-4.12.14-10.97.1

Comment 28 Swamp Workflow Management 2022-09-01 15:04:06 UTC
SUSE-SU-2022:2892-2: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1

Comment 29 Swamp Workflow Management 2022-09-01 15:22:58 UTC
SUSE-SU-2022:2875-2: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1

Comment 34 Swamp Workflow Management 2022-09-14 13:20:18 UTC
SUSE-SU-2022:3274-1: An update that solves 15 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1172145,1177440,1188944,1191881,1194535,1196616,1200598,1200770,1200910,1201019,1201420,1201429,1201705,1201726,1201940,1201948,1202096,1202154,1202346,1202347,1202393,1202396,1202672,1202897,1202898,1203098
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-4203,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-36946
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kgraft-patch-SLE12-SP4_Update_30-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.108.1
