Bug 1198033 – VUL-1: CVE-2022-28389: kernel-source: double free in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c

Bug 1198033 - (CVE-2022-28389) VUL-1: CVE-2022-28389: kernel-source: double free in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c

(CVE-2022-28389)
Summary:	VUL-1: CVE-2022-28389: kernel-source: double free in mcba_usb_start_xmit in d...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/327987/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-28389:7.0:(AV:...
Keywords:

Depends on:
Blocks:	1201657
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-04-04 14:38 UTC by Gabriele Sonnu
Modified:	2023-01-18 17:36 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gabriele Sonnu 2022-04-04 14:38:48 UTC

CVE-2022-28389

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel
through 5.17.1 has a double free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174

Comment 1 Gabriele Sonnu 2022-04-04 15:35:28 UTC

Tracking as affected:

 - SLE12-SP5
 - cve/linux-4.12
 - cve/linux-5.3
 - stable

Comment 2 Takashi Iwai 2022-04-04 16:05:00 UTC

Backported to cve/linux-4.12, cve/linux-5.3 and stable branches.
SLE15-SP4 already had the fix via git-fixes, the patch reference was updated.

SLE12-SP5 will get the fix via linux-4.12 and SLE15-SP3 via cve/linux-5.3.

Let me know if the fix needs to be merged to SLE15-SP4-GA (CVSS>=7.0).

Comment 3 Gabriele Sonnu 2022-04-05 08:00:37 UTC

Hi Takashi, the CVSS is 5.3, no need to merge to SLE15-SP4-GA.

Comment 4 Takashi Iwai 2022-04-05 08:28:09 UTC

Thanks, then it's done.  Reassigned back to security team.

Comment 20 Swamp Workflow Management 2022-04-12 16:28:22 UTC

SUSE-SU-2022:1163-1: An update that solves 25 vulnerabilities and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194589,1194625,1194649,1194943,1195051,1195353,1195640,1195926,1196018,1196130,1196196,1196478,1196488,1196761,1196823,1196956,1197227,1197243,1197245,1197300,1197302,1197331,1197343,1197366,1197389,1197460,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-39698,CVE-2021-45402,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-27223,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2022-04-13 19:24:44 UTC

SUSE-SU-2022:1183-1: An update that solves 15 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1197914,1198027,1198028,1198029,1198030,1198031,1198032,1198033
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-64kb-5.3.18-150300.59.63.1, kernel-debug-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-docs-5.3.18-150300.59.63.1, kernel-kvmsmall-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-obs-qa-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-livepatch-SLE15-SP3_Update_17-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2022-04-14 10:25:12 UTC

SUSE-SU-2022:1196-1: An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1191580,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196657,1196723,1196761,1196830,1196836,1196901,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1197914,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0001,CVE-2022-0002,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-23960,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.116.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.116.1, kernel-obs-build-4.12.14-122.116.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kernel-source-4.12.14-122.116.1, kernel-syms-4.12.14-122.116.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.116.1, kgraft-patch-SLE12-SP5_Update_30-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2022-04-14 13:22:54 UTC

SUSE-SU-2022:1197-1: An update that solves 21 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-livepatch-SLE15-SP2_Update_26-1-150200.5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.112.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.112.1, kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2, kernel-docs-5.3.18-150200.24.112.1, kernel-obs-build-5.3.18-150200.24.112.1, kernel-preempt-5.3.18-150200.24.112.1, kernel-source-5.3.18-150200.24.112.1, kernel-syms-5.3.18-150200.24.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2022-04-19 13:26:03 UTC

SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748
JIRA References: SLE-23652
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-rt-5.3.18-150200.79.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2022-04-19 13:30:42 UTC

SUSE-SU-2022:1255-1: An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1189562,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197131,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-0886,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1, kernel-zfcpdump-4.12.14-150000.150.89.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-livepatch-SLE15_Update_29-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2022-04-19 13:35:25 UTC

SUSE-SU-2022:1256-1: An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.

Category: security (important)
Bug References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234,SLE-23652
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-livepatch-SLE15-SP1_Update_30-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2022-04-19 16:31:02 UTC

SUSE-SU-2022:1266-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.94.1, kernel-source-azure-4.12.14-16.94.1, kernel-syms-azure-4.12.14-16.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2022-04-19 16:34:21 UTC

SUSE-SU-2022:1267-1: An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1180153,1189562,1193738,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196573,1196639,1196761,1196830,1196836,1196942,1196973,1197211,1197227,1197331,1197366,1197391,1197462,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kgraft-patch-SLE12-SP4_Update_26-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2022-04-26 10:24:15 UTC

SUSE-SU-2022:1402-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.84.1, kernel-rt_debug-4.12.14-10.84.1, kernel-source-rt-4.12.14-10.84.1, kernel-syms-rt-4.12.14-10.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Swamp Workflow Management 2022-04-26 16:23:23 UTC

SUSE-SU-2022:1407-1: An update that solves 15 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194625,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.85.1, kernel-rt_debug-5.3.18-150300.85.1, kernel-source-rt-5.3.18-150300.85.1, kernel-syms-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 54 Marcus Meissner 2022-11-04 13:12:25 UTC

done