Bug 1201726 - (CVE-2022-26373) VUL-0: CVE-2022-26373: CPU info leak via post-barrier RSB predictions
(CVE-2022-26373)
VUL-0: CVE-2022-26373: CPU info leak via post-barrier RSB predictions
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michal Hocko
Security Team bot
https://smash.suse.de/issue/337835/
CVSSv3.1:SUSE:CVE-2022-26373:5.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-20 15:08 UTC by Marcus Meissner
Modified: 2022-12-02 09:24 UTC (History)
9 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
bpetkov: needinfo? (mhocko)
bpetkov: needinfo? (hhetter)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 9 Swamp Workflow Management 2022-08-12 19:17:47 UTC
SUSE-SU-2022:2803-1: An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes is now available.

Category: security (important)
Bug References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094
CVE References: CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581
JIRA References: SLE-21132,SLE-24569,SLE-24570,SLE-24571,SLE-24578,SLE-24635,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.18.1, kernel-64kb-5.14.21-150400.24.18.1, kernel-debug-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-docs-5.14.21-150400.24.18.1, kernel-kvmsmall-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-obs-qa-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1, kernel-livepatch-SLE15-SP4_Update_2-1-150400.9.5.2
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-source-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-09-14 07:21:14 UTC
SUSE-SU-2022:3263-1: An update that solves 11 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1133374,1191881,1196616,1201420,1201726,1201948,1202096,1202346,1202347,1202393,1202897,1202898,1203098,1203107
CVE References: CVE-2019-3900,CVE-2020-36516,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2991,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.174.1, kernel-source-4.4.180-94.174.1, kernel-syms-4.4.180-94.174.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-09-14 10:29:44 UTC
SUSE-SU-2022:3264-1: An update that solves 15 vulnerabilities, contains one feature and has 61 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137
CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.93.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.93.1, kernel-64kb-5.3.18-150300.59.93.1, kernel-debug-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-docs-5.3.18-150300.59.93.1, kernel-kvmsmall-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-obs-qa-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-livepatch-SLE15-SP3_Update_24-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-09-14 10:37:38 UTC
SUSE-SU-2022:3265-1: An update that solves 12 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 1054914,1065729,1078216,1093777,1094120,1107937,1120716,1141488,1179310,1181862,1189904,1190397,1191881,1194535,1196616,1197158,1198388,1199617,1199665,1201019,1201264,1201420,1201442,1201610,1201705,1201726,1201948,1202017,1202096,1202154,1202346,1202347,1202393,1202396,1202528,1202577,1202672,1202830,1202897,1202898,1203013,1203098,1203126
CVE References: CVE-2020-36516,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.133.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.133.2, kernel-obs-build-4.12.14-122.133.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.133.1, kernel-source-4.12.14-122.133.1, kernel-syms-4.12.14-122.133.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.133.1, kgraft-patch-SLE12-SP5_Update_35-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.133.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-09-14 13:20:53 UTC
SUSE-SU-2022:3274-1: An update that solves 15 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1172145,1177440,1188944,1191881,1194535,1196616,1200598,1200770,1200910,1201019,1201420,1201429,1201705,1201726,1201940,1201948,1202096,1202154,1202346,1202347,1202393,1202396,1202672,1202897,1202898,1203098
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-4203,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-36946
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.108.1, kernel-source-4.12.14-95.108.1, kernel-syms-4.12.14-95.108.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.108.1, kgraft-patch-SLE12-SP4_Update_30-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-09-15 19:22:10 UTC
SUSE-SU-2022:3282-1: An update that solves 12 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1054914,1065729,1120716,1179310,1190397,1191881,1194535,1196616,1197158,1199617,1199665,1201019,1201264,1201420,1201442,1201610,1201705,1201726,1201948,1202017,1202096,1202154,1202346,1202347,1202393,1202396,1202528,1202577,1202672,1202830,1202897,1202898,1203013,1203098,1203126
CVE References: CVE-2020-36516,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.109.1, kernel-source-azure-4.12.14-16.109.1, kernel-syms-azure-4.12.14-16.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2022-09-16 13:24:42 UTC
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2022-09-16 19:21:13 UTC
SUSE-SU-2022:3291-1: An update that solves 13 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1169514,1177440,1188944,1191881,1194535,1196616,1201019,1201420,1201705,1201726,1201948,1202096,1202097,1202154,1202346,1202347,1202393,1202396,1202672,1202897,1202898,1203098,1203107
CVE References: CVE-2020-36516,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.101.1, kernel-docs-4.12.14-150000.150.101.1, kernel-obs-build-4.12.14-150000.150.101.1, kernel-source-4.12.14-150000.150.101.1, kernel-syms-4.12.14-150000.150.101.1, kernel-vanilla-4.12.14-150000.150.101.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.101.1, kernel-docs-4.12.14-150000.150.101.1, kernel-obs-build-4.12.14-150000.150.101.1, kernel-source-4.12.14-150000.150.101.1, kernel-syms-4.12.14-150000.150.101.1, kernel-vanilla-4.12.14-150000.150.101.1, kernel-zfcpdump-4.12.14-150000.150.101.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.101.1, kernel-livepatch-SLE15_Update_33-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.101.1, kernel-docs-4.12.14-150000.150.101.1, kernel-obs-build-4.12.14-150000.150.101.1, kernel-source-4.12.14-150000.150.101.1, kernel-syms-4.12.14-150000.150.101.1, kernel-vanilla-4.12.14-150000.150.101.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.101.1, kernel-docs-4.12.14-150000.150.101.1, kernel-obs-build-4.12.14-150000.150.101.1, kernel-source-4.12.14-150000.150.101.1, kernel-syms-4.12.14-150000.150.101.1, kernel-vanilla-4.12.14-150000.150.101.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.101.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2022-09-16 22:20:35 UTC
SUSE-SU-2022:3294-1: An update that solves 11 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1133374,1191881,1196616,1201420,1201726,1201948,1202096,1202346,1202347,1202393,1202897,1202898,1203098,1203107
CVE References: CVE-2019-3900,CVE-2020-36516,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2991,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.188.1, kernel-source-4.4.121-92.188.1, kernel-syms-4.4.121-92.188.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Thomas Leroy 2022-09-23 09:31:38 UTC
Hi Boris, it seems that cve/linux-3.0 (thus SLE11-SP3-TD) didn't get the fix. Are these branches affected as well?
Comment 40 Swamp Workflow Management 2022-09-26 22:24:04 UTC
SUSE-SU-2022:3408-1: An update that solves 15 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1177440,1180153,1188944,1191881,1194535,1196616,1197158,1199482,1199665,1201019,1201420,1201705,1201726,1201948,1202096,1202097,1202154,1202335,1202346,1202347,1202393,1202396,1202672,1202897,1202898,1203098,1203107
CVE References: CVE-2020-36516,CVE-2021-4203,CVE-2022-1012,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.123.1, kernel-default-4.12.14-150100.197.123.1, kernel-kvmsmall-4.12.14-150100.197.123.1, kernel-vanilla-4.12.14-150100.197.123.1, kernel-zfcpdump-4.12.14-150100.197.123.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.123.1, kernel-default-4.12.14-150100.197.123.1, kernel-kvmsmall-4.12.14-150100.197.123.1, kernel-vanilla-4.12.14-150100.197.123.1, kernel-zfcpdump-4.12.14-150100.197.123.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1, kernel-zfcpdump-4.12.14-150100.197.123.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.123.1, kernel-livepatch-SLE15-SP1_Update_34-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.123.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.123.1, kernel-docs-4.12.14-150100.197.123.1, kernel-obs-build-4.12.14-150100.197.123.1, kernel-source-4.12.14-150100.197.123.1, kernel-syms-4.12.14-150100.197.123.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2022-09-27 10:20:56 UTC
SUSE-SU-2022:3422-1: An update that solves 11 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1054914,1065729,1120716,1179310,1190397,1191881,1194535,1197158,1199617,1201264,1201420,1201442,1201610,1201726,1201948,1202017,1202096,1202097,1202346,1202347,1202393,1202396,1202528,1202577,1202672,1202830,1202897,1202898,1203013,1203098,1203107,1203126
CVE References: CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-21385,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.100.1, kernel-rt_debug-4.12.14-10.100.1, kernel-source-rt-4.12.14-10.100.1, kernel-syms-rt-4.12.14-10.100.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Swamp Workflow Management 2022-09-28 10:23:35 UTC
SUSE-SU-2022:3450-1: An update that solves 20 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1023051,1180153,1188944,1191881,1192968,1194272,1194535,1196616,1197158,1199482,1199665,1201726,1201948,1202096,1202097,1202154,1202346,1202347,1202393,1202396,1202564,1202672,1202860,1202895,1202898,1203098,1203107,1203159
CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-1012,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-32250,CVE-2022-36879,CVE-2022-39188
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-livepatch-SLE15-SP2_Update_30-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.129.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2022-10-18 13:25:48 UTC
SUSE-SU-2022:3609-1: An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1196616,1196867,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199255,1199291,1200084,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201442,1201489,1201610,1201645,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202154,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,1203159,1203313,1203389,1203410,1203424,1203552,1203622,1203737,1203769,1203906,1203909,1203933,1203935,1203939,1203987,1203992
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-41218,CVE-2022-41222,CVE-2022-41848,CVE-2022-41849
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2022-10-31 14:29:10 UTC
SUSE-SU-2022:3809-1: An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1152489,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200288,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201489,1201610,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202638,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203117,1203135,1203136,1203137,1203159,1203290,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203802,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3169,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.106.1, kernel-rt_debug-5.3.18-150300.106.1, kernel-source-rt-5.3.18-150300.106.1, kernel-syms-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.