Bug 1204653 - (CVE-2022-43750) VUL-0: CVE-2022-43750: kernel: memory corruption from user space in usbmon
(CVE-2022-43750)
VUL-0: CVE-2022-43750: kernel: memory corruption from user space in usbmon
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/346065/
CVSSv3.1:SUSE:CVE-2022-43750:6.7:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-10-24 11:04 UTC by Oliver Neukum
Modified: 2023-01-18 17:58 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
API fixup for 3.0 (1.83 KB, patch)
2022-10-26 09:02 UTC, Oliver Neukum
Details | Diff
patch to preserve kAPI for 3.12 and newer (1.14 KB, patch)
2022-10-26 09:29 UTC, Oliver Neukum
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2022-10-24 11:04:20 UTC
This is from upstream:

commit a659daf63d16aa883be42f3f34ff84235c302198
Author: Tadeusz Struk <tadeusz.struk@linaro.org>
Date:   Mon Sep 19 14:59:57 2022 -0700

    usb: mon: make mmapped memory read only
    
    Syzbot found an issue in usbmon module, where the user space client can
    corrupt the monitor's internal memory, causing the usbmon module to
    crash the kernel with segfault, UAF, etc.
    
    The reproducer mmaps the /dev/usbmon memory to user space, and
    overwrites it with arbitrary data, which causes all kinds of issues.
    
    Return an -EPERM error from mon_bin_mmap() if the flag VM_WRTIE is set.
    Also clear VM_MAYWRITE to make it impossible to change it to writable
    later.

Normally this is restricted to the root user, but it still is not good. All kernels are affected.
Comment 4 Robert Frohl 2022-10-26 06:39:59 UTC
tracked as affected:

- SLE15-SP4
- cve/linux-5.3
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-3.0
Comment 6 Karasulli 2022-10-26 07:55:30 UTC
@Oliver, is this already taken care of?
Comment 7 Oliver Neukum 2022-10-26 07:57:53 UTC
(In reply to Karasulli from comment #6)
> @Oliver, is this already taken care of?

No, this is open. I noticed it yesterday when I went through the list of fixes the checker script mails out.
Comment 8 Oliver Neukum 2022-10-26 09:02:09 UTC
Created attachment 862422 [details]
API fixup for 3.0

The original patch does not apply to 3.0 and it breaks existing apps that mmap for write without illicit intentions.
Comment 9 Oliver Neukum 2022-10-26 09:29:16 UTC
Created attachment 862423 [details]
patch to preserve kAPI for 3.12 and newer

The upstream fix can break existing code by disallowing an mmap. Fixup by silently dropping writeability.
Comment 13 Oliver Neukum 2022-11-02 12:06:25 UTC
Discussed with colleagues whether silently dropping unsafe mappings is the way to go and come up with a negative answer. If need be, patches to do so are to be found here.
Comment 14 Oliver Neukum 2022-11-02 12:07:01 UTC
Patc applied to all applicable trees
Comment 21 Swamp Workflow Management 2022-11-08 14:35:19 UTC
SUSE-SU-2022:3897-1: An update that solves 33 vulnerabilities, contains one feature and has 15 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1152489,1196018,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203290,1203387,1203391,1203496,1203514,1203770,1203802,1204051,1204053,1204059,1204060,1204125,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3623,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750
JIRA References: PED-1931
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.83.1, kernel-source-azure-5.3.18-150300.38.83.1, kernel-syms-azure-5.3.18-150300.38.83.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.83.1, kernel-source-azure-5.3.18-150300.38.83.1, kernel-syms-azure-5.3.18-150300.38.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-11-10 14:28:23 UTC
SUSE-SU-2022:3929-1: An update that solves 25 vulnerabilities, contains four features and has 13 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1196018,1198702,1200465,1200788,1201725,1202686,1202700,1203066,1203098,1203387,1203391,1203496,1204053,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-42703,CVE-2022-43750
JIRA References: PED-1931,SLE-13847,SLE-24559,SLE-9246
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.109.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.109.1, kernel-rt_debug-5.3.18-150300.109.1, kernel-source-rt-5.3.18-150300.109.1, kernel-syms-rt-5.3.18-150300.109.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.109.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2022-11-10 14:32:06 UTC
SUSE-SU-2022:3930-1: An update that solves 16 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1065729,1198702,1200788,1202686,1202972,1203387,1204241,1204354,1204355,1204402,1204415,1204431,1204439,1204479,1204574,1204635,1204646,1204647,1204653,1204755,1204868
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3646,CVE-2022-3649,CVE-2022-43750
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.106.1, kernel-rt_debug-4.12.14-10.106.1, kernel-source-rt-4.12.14-10.106.1, kernel-syms-rt-4.12.14-10.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2022-11-15 20:27:08 UTC
SUSE-SU-2022:3998-1: An update that solves 37 vulnerabilities, contains 25 features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203701,1203767,1203770,1203802,1203922,1203979,1204017,1204051,1204059,1204060,1204125,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970
CVE References: CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1649,PED-634,PED-676,PED-678,PED-679,PED-707,PED-732,PED-813,PED-817,PED-822,PED-825,PED-833,PED-842,PED-846,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-9246
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.21.2, kernel-source-azure-5.14.21-150400.14.21.1, kernel-syms-azure-5.14.21-150400.14.21.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.21.2, kernel-source-azure-5.14.21-150400.14.21.1, kernel-syms-azure-5.14.21-150400.14.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-11-17 20:26:58 UTC
SUSE-SU-2022:4053-1: An update that solves 24 vulnerabilities, contains four features and has 16 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1152489,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203387,1203391,1203496,1203802,1204053,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-2978,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-42703,CVE-2022-43750
JIRA References: PED-1931,SLE-13847,SLE-24559,SLE-9246
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.101.1, kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.101.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.101.1, kernel-64kb-5.3.18-150300.59.101.1, kernel-debug-5.3.18-150300.59.101.1, kernel-default-5.3.18-150300.59.101.1, kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1, kernel-docs-5.3.18-150300.59.101.1, kernel-kvmsmall-5.3.18-150300.59.101.1, kernel-obs-build-5.3.18-150300.59.101.1, kernel-obs-qa-5.3.18-150300.59.101.1, kernel-preempt-5.3.18-150300.59.101.1, kernel-source-5.3.18-150300.59.101.1, kernel-syms-5.3.18-150300.59.101.1, kernel-zfcpdump-5.3.18-150300.59.101.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.101.1, kernel-preempt-5.3.18-150300.59.101.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.101.1, kernel-livepatch-SLE15-SP3_Update_26-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.101.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.101.1, kernel-obs-build-5.3.18-150300.59.101.1, kernel-preempt-5.3.18-150300.59.101.1, kernel-source-5.3.18-150300.59.101.1, kernel-syms-5.3.18-150300.59.101.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.101.1, kernel-default-5.3.18-150300.59.101.1, kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1, kernel-preempt-5.3.18-150300.59.101.1, kernel-source-5.3.18-150300.59.101.1, kernel-zfcpdump-5.3.18-150300.59.101.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.101.1, kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.101.1, kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.101.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-11-18 17:30:59 UTC
SUSE-SU-2022:4072-1: An update that solves 32 vulnerabilities, contains 25 features and has 36 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970
CVE References: CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1649,PED-634,PED-676,PED-678,PED-679,PED-707,PED-732,PED-813,PED-817,PED-822,PED-825,PED-833,PED-842,PED-846,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-9246
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.33.1, kernel-64kb-5.14.21-150400.24.33.2, kernel-debug-5.14.21-150400.24.33.2, kernel-default-5.14.21-150400.24.33.2, kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4, kernel-docs-5.14.21-150400.24.33.2, kernel-kvmsmall-5.14.21-150400.24.33.2, kernel-obs-build-5.14.21-150400.24.33.1, kernel-obs-qa-5.14.21-150400.24.33.1, kernel-source-5.14.21-150400.24.33.1, kernel-syms-5.14.21-150400.24.33.1, kernel-zfcpdump-5.14.21-150400.24.33.2
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.33.2
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.33.2, kernel-livepatch-SLE15-SP4_Update_5-1-150400.9.3.4
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.33.2
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.33.2, kernel-obs-build-5.14.21-150400.24.33.1, kernel-source-5.14.21-150400.24.33.1, kernel-syms-5.14.21-150400.24.33.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.33.2, kernel-default-5.14.21-150400.24.33.2, kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4, kernel-source-5.14.21-150400.24.33.1, kernel-zfcpdump-5.14.21-150400.24.33.2
SUSE Linux Enterprise Micro 5.3 (src):    kernel-default-5.14.21-150400.24.33.2, kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.33.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-11-29 17:32:19 UTC
SUSE-SU-2022:4272-1: An update that solves 20 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1198702,1200788,1202686,1202972,1203098,1203142,1203198,1203254,1203290,1203322,1203387,1203514,1203802,1204166,1204168,1204241,1204354,1204355,1204402,1204415,1204431,1204439,1204479,1204574,1204635,1204646,1204647,1204653,1204755
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3629,CVE-2022-3646,CVE-2022-3649,CVE-2022-40307,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.139.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.139.1, kernel-obs-build-4.12.14-122.139.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.139.1, kernel-source-4.12.14-122.139.1, kernel-syms-4.12.14-122.139.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.139.1, kgraft-patch-SLE12-SP5_Update_37-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.139.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-11-29 17:37:20 UTC
SUSE-SU-2022:4273-1: An update that solves 21 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1032323,1065729,1196018,1198702,1200788,1202686,1202972,1203098,1203142,1203198,1203254,1203290,1203322,1203387,1203514,1203802,1204166,1204168,1204241,1204354,1204355,1204402,1204415,1204431,1204439,1204479,1204574,1204635,1204646,1204647,1204653,1204755
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3629,CVE-2022-3646,CVE-2022-3649,CVE-2022-40307,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.115.1, kernel-source-azure-4.12.14-16.115.1, kernel-syms-azure-4.12.14-16.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2022-12-19 17:24:12 UTC
SUSE-SU-2022:4561-1: An update that solves 31 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1012382,1129898,1177282,1196018,1198702,1202097,1202686,1203008,1203290,1203322,1203514,1203960,1203987,1204166,1204168,1204170,1204354,1204402,1204414,1204431,1204432,1204439,1204479,1204574,1204576,1204631,1204635,1204636,1204646,1204647,1204653,1204868,1205128,1205130,1205220,1205514,1205671,1205796,1206091
CVE References: CVE-2019-3874,CVE-2020-26541,CVE-2021-4037,CVE-2022-2663,CVE-2022-28748,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3524,CVE-2022-3542,CVE-2022-3565,CVE-2022-3567,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-3903,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-41848,CVE-2022-41850,CVE-2022-41858,CVE-2022-42703,CVE-2022-43750,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.196.2, kernel-source-4.4.121-92.196.2, kernel-syms-4.4.121-92.196.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 50 Swamp Workflow Management 2022-12-19 20:28:35 UTC
SUSE-SU-2022:4574-1: An update that solves 36 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1198702,1199365,1200788,1200845,1201455,1202686,1203008,1203183,1203290,1203322,1203514,1203860,1203960,1204017,1204166,1204170,1204354,1204355,1204402,1204414,1204415,1204424,1204431,1204432,1204439,1204446,1204479,1204574,1204576,1204631,1204635,1204636,1204646,1204647,1204653,1204850,1204868,1205006,1205128,1205220,1205473,1205514,1205617,1205671,1205796,1206113,1206114,1206207
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28693,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3567,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-3903,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.131.1, kernel-default-4.12.14-150100.197.131.1, kernel-kvmsmall-4.12.14-150100.197.131.1, kernel-vanilla-4.12.14-150100.197.131.1, kernel-zfcpdump-4.12.14-150100.197.131.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.131.1, kernel-default-4.12.14-150100.197.131.1, kernel-kvmsmall-4.12.14-150100.197.131.1, kernel-vanilla-4.12.14-150100.197.131.1, kernel-zfcpdump-4.12.14-150100.197.131.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1, kernel-zfcpdump-4.12.14-150100.197.131.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.131.1, kernel-livepatch-SLE15-SP1_Update_36-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.131.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.131.1, kernel-docs-4.12.14-150100.197.131.1, kernel-obs-build-4.12.14-150100.197.131.1, kernel-source-4.12.14-150100.197.131.1, kernel-syms-4.12.14-150100.197.131.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 51 Swamp Workflow Management 2022-12-19 20:34:13 UTC
SUSE-SU-2022:4573-1: An update that solves 38 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1196018,1198702,1200692,1200788,1201455,1202686,1203008,1203183,1203290,1203322,1203514,1203960,1204166,1204168,1204170,1204354,1204355,1204402,1204414,1204415,1204424,1204431,1204432,1204439,1204479,1204574,1204576,1204631,1204635,1204636,1204646,1204647,1204653,1204868,1205006,1205128,1205130,1205220,1205473,1205514,1205671,1205705,1205709,1205796,1206113,1206114,1206207
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28693,CVE-2022-28748,CVE-2022-2964,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3567,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-3903,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.109.1, kernel-docs-4.12.14-150000.150.109.1, kernel-obs-build-4.12.14-150000.150.109.1, kernel-source-4.12.14-150000.150.109.1, kernel-syms-4.12.14-150000.150.109.1, kernel-vanilla-4.12.14-150000.150.109.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.109.1, kernel-docs-4.12.14-150000.150.109.1, kernel-obs-build-4.12.14-150000.150.109.1, kernel-source-4.12.14-150000.150.109.1, kernel-syms-4.12.14-150000.150.109.1, kernel-vanilla-4.12.14-150000.150.109.1, kernel-zfcpdump-4.12.14-150000.150.109.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.109.1, kernel-livepatch-SLE15_Update_35-1-150000.1.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.109.1, kernel-docs-4.12.14-150000.150.109.1, kernel-obs-build-4.12.14-150000.150.109.1, kernel-source-4.12.14-150000.150.109.1, kernel-syms-4.12.14-150000.150.109.1, kernel-vanilla-4.12.14-150000.150.109.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.109.1, kernel-docs-4.12.14-150000.150.109.1, kernel-obs-build-4.12.14-150000.150.109.1, kernel-source-4.12.14-150000.150.109.1, kernel-syms-4.12.14-150000.150.109.1, kernel-vanilla-4.12.14-150000.150.109.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2022-12-20 17:34:31 UTC
SUSE-SU-2022:4589-1: An update that solves 44 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1196018,1198702,1199365,1200788,1200845,1201455,1201725,1202686,1202700,1203008,1203066,1203067,1203290,1203322,1203391,1203496,1203511,1203514,1203860,1203960,1204017,1204053,1204166,1204168,1204170,1204228,1204354,1204355,1204402,1204414,1204415,1204417,1204424,1204431,1204432,1204439,1204446,1204470,1204479,1204486,1204574,1204575,1204576,1204631,1204635,1204636,1204637,1204646,1204647,1204653,1204745,1204780,1204850,1204868,1205128,1205130,1205220,1205473,1205514,1205617,1205671,1205700,1205705,1205709,1205711,1205796,1206207
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-2602,CVE-2022-28693,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-3707,CVE-2022-3903,CVE-2022-39189,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42703,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-livepatch-SLE15-SP2_Update_32-1-150200.5.5.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.139.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.139.1, kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2, kernel-docs-5.3.18-150200.24.139.1, kernel-obs-build-5.3.18-150200.24.139.1, kernel-preempt-5.3.18-150200.24.139.1, kernel-source-5.3.18-150200.24.139.1, kernel-syms-5.3.18-150200.24.139.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2022-12-23 14:26:35 UTC
SUSE-SU-2022:4614-1: An update that solves 43 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1198702,1199365,1200845,1201725,1202686,1202700,1203008,1203066,1203067,1203322,1203391,1203496,1203514,1203860,1203960,1204017,1204053,1204168,1204170,1204354,1204355,1204402,1204414,1204415,1204417,1204424,1204431,1204432,1204439,1204446,1204470,1204479,1204486,1204574,1204575,1204576,1204631,1204635,1204636,1204637,1204646,1204647,1204653,1204780,1204850,1205128,1205130,1205220,1205473,1205514,1205617,1205671,1205700,1205705,1205709,1205711,1205796,1206207,1206228
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-2602,CVE-2022-28693,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-3176,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-3707,CVE-2022-3903,CVE-2022-39189,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42703,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.109.1, kernel-rt_debug-4.12.14-10.109.1, kernel-source-rt-4.12.14-10.109.1, kernel-syms-rt-4.12.14-10.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2022-12-23 14:33:14 UTC
SUSE-SU-2022:4615-1: An update that solves 38 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1196018,1198702,1200788,1201455,1202686,1203008,1203183,1203290,1203322,1203514,1203960,1203987,1204166,1204168,1204170,1204354,1204355,1204402,1204414,1204415,1204424,1204431,1204432,1204439,1204479,1204574,1204576,1204631,1204635,1204636,1204646,1204647,1204653,1204868,1205006,1205128,1205130,1205220,1205473,1205514,1205671,1205705,1205709,1205796,1206113,1206114,1206207
CVE References: CVE-2021-4037,CVE-2022-2153,CVE-2022-28693,CVE-2022-28748,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3567,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-3903,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-41848,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.114.1, kernel-source-4.12.14-95.114.1, kernel-syms-4.12.14-95.114.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.114.1, kernel-source-4.12.14-95.114.1, kernel-syms-4.12.14-95.114.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.114.1, kernel-source-4.12.14-95.114.1, kernel-syms-4.12.14-95.114.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.114.1, kernel-source-4.12.14-95.114.1, kernel-syms-4.12.14-95.114.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.114.1, kgraft-patch-SLE12-SP4_Update_32-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.114.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2022-12-23 14:53:00 UTC
SUSE-SU-2022:4611-1: An update that solves 31 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1129898,1177282,1196018,1198702,1201309,1202097,1202686,1203008,1203290,1203322,1203514,1203960,1203987,1204166,1204168,1204170,1204354,1204402,1204414,1204431,1204432,1204439,1204479,1204574,1204576,1204631,1204635,1204636,1204646,1204647,1204653,1204868,1205128,1205130,1205220,1205514,1205671,1205796,1206164
CVE References: CVE-2019-3874,CVE-2020-26541,CVE-2021-4037,CVE-2022-2663,CVE-2022-28748,CVE-2022-2964,CVE-2022-3169,CVE-2022-3424,CVE-2022-3524,CVE-2022-3542,CVE-2022-3565,CVE-2022-3567,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3629,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-3903,CVE-2022-40307,CVE-2022-40768,CVE-2022-4095,CVE-2022-41848,CVE-2022-41850,CVE-2022-41858,CVE-2022-42703,CVE-2022-43750,CVE-2022-43945,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.182.1, kernel-source-4.4.180-94.182.1, kernel-syms-4.4.180-94.182.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2022-12-23 15:24:30 UTC
SUSE-SU-2022:4617-1: An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1071995,1152472,1152489,1156395,1164051,1177471,1184350,1185032,1188238,1189297,1189999,1190256,1190497,1190969,1192968,1193629,1194023,1194592,1194869,1194904,1195480,1195917,1196018,1196444,1196616,1196632,1196867,1196869,1197158,1197391,1197659,1197755,1197756,1197757,1197763,1198189,1198410,1198577,1198702,1198971,1199086,1199364,1199515,1199670,1199904,1200015,1200058,1200268,1200288,1200301,1200313,1200431,1200465,1200494,1200544,1200567,1200622,1200644,1200651,1200692,1200788,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201309,1201310,1201361,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201726,1201768,1201865,1201940,1201941,1201948,1201954,1201956,1201958,1202095,1202096,1202097,1202113,1202131,1202154,1202187,1202262,1202265,1202312,1202341,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202623,1202636,1202672,1202681,1202685,1202686,1202700,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202874,1202898,1202914,1202960,1202989,1202992,1202993,1203002,1203008,1203036,1203039,1203041,1203063,1203066,1203067,1203098,1203101,1203107,1203116,1203117,1203138,1203139,1203159,1203183,1203197,1203208,1203229,1203263,1203290,1203338,1203360,1203361,1203389,1203391,1203410,1203435,1203505,1203511,1203514,1203552,1203606,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203802,1203829,1203893,1203902,1203906,1203908,1203922,1203935,1203939,1203960,1203969,1203987,1203992,1203994,1204017,1204051,1204059,1204060,1204092,1204125,1204132,1204142,1204166,1204168,1204170,1204171,1204183,1204228,1204241,1204289,1204290,1204291,1204292,1204353,1204354,1204355,1204402,1204405,1204413,1204414,1204415,1204417,1204424,1204428,1204431,1204432,1204439,1204470,1204479,1204486,1204498,1204533,1204569,1204574,1204575,1204576,1204619,1204624,1204631,1204635,1204636,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204745,1204753,1204780,1204810,1204850,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205257,1205264,1205282,1205313,1205331,1205332,1205427,1205428,1205473,1205496,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,1206391
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-1263,CVE-2022-1882,CVE-2022-20368,CVE-2022-20369,CVE-2022-2153,CVE-2022-2586,CVE-2022-2588,CVE-2022-2602,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-28748,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-3028,CVE-2022-3078,CVE-2022-3114,CVE-2022-3169,CVE-2022-3176,CVE-2022-3202,CVE-2022-32250,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3566,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3635,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3707,CVE-2022-3903,CVE-2022-39188,CVE-2022-39189,CVE-2022-39190,CVE-2022-40476,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-4129,CVE-2022-4139,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1573,PED-1649,PED-1706,PED-1936,PED-2684,PED-387,PED-529,PED-611,PED-634,PED-652,PED-664,PED-676,PED-678,PED-679,PED-682,PED-688,PED-707,PED-720,PED-729,PED-732,PED-755,PED-763,PED-813,PED-817,PED-822,PED-824,PED-825,PED-833,PED-842,PED-846,PED-849,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-18130,SLE-19359,SLE-19924,SLE-20183,SLE-23766,SLE-24572,SLE-24682,SLE-24814,SLE-9246
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_1-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.