Bug 1144162

Summary:	sendfile() fails when outgoing NIC has scatter-gather disabled (15.0 -> 15.1 regression)
Product:	[openSUSE] openSUSE Distribution	Reporter:	Jan Kardell <jan>
Component:	Kernel	Assignee:	Michal Kubeček <mkubecek>
Status:	RESOLVED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P3 - Medium	CC:	ahasenkopf, hohmuth, jan, meissner, mkubecek, obs, pavel, pnovak, roberto.angelino, sebastian.kuhne, seife, tony
Version:	Leap 15.1
Target Milestone:	---
Hardware:	x86-64
OS:	SUSE Other
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	Athlon64-X2 ethtool -k on RTL-8110SC/8169SC Ryzen 2400G ethtool -k on RTL8111/8168/8411 Intel core i3 ethtool -k on Intel Corporation Centrino Advanced-N 6205 [Taylor Peak]

Description Jan Kardell 2019-08-03 19:05:45 UTC

It seems that the sendfile system call is not working on AMD CPUs. I found that out when trying to get apache to work, luckily the sendfile support can be disabled in the apache configuration. I found it by running apache under strace:

20:31:03 openat(AT_FDCWD, "/srv/www/htdocs/index.html", O_RDONLY|O_CLOEXEC) = 10
20:31:03 setsockopt(9, SOL_TCP, TCP_CORK, [1], 4) = 0
20:31:03 writev(9, [{iov_base="HTTP/1.1 200 OK\r\nDate: Sat, 03 A"..., iov_len=273}], 1) = 273
20:31:03 sendfile(9, 10, [0], 24371)    = -1 EOPNOTSUPP (Operation not supported)
20:31:03 setsockopt(9, SOL_TCP, TCP_CORK, [0], 4) = 0

Tested two on tho Athlon X2 machines and on one Ryzen 2400G, sendfile returns EOPNOTSUPP error. Thus it succeeds to send the headers, but no data. Oddly enough the sendfile syscall works for client on localhost or on the servers own network interface. The clients used when it fails sits on the same 192.168.xx subnet as the server.

However on an Intel core i3 sendfile works as expected.

On all machines kernel-default-4.12.14-lp151.28.10.1.x86_64 is used.

Comment 1 Michal Kubeček 2019-08-05 11:47:52 UTC

It doesn't seem likely that it would depend on CPU, I would rather expect
problems if outgoing network interface either did not support scatter-gather
or had it disabled. Could you check if there is an apparent difference in
netdev features shown by "ethtool -k" for the outgoing network device in
working and broken case?

Comment 2 Jan Kardell 2019-08-05 13:07:42 UTC

Created attachment 812810 [details]
Athlon64-X2 ethtool -k on  RTL-8110SC/8169SC

Comment 3 Jan Kardell 2019-08-05 13:11:02 UTC

Created attachment 812812 [details]
Ryzen 2400G ethtool -k on RTL8111/8168/8411

Comment 4 Jan Kardell 2019-08-05 13:13:38 UTC

Created attachment 812814 [details]
Intel core i3 ethtool -k on Intel Corporation Centrino Advanced-N 6205 [Taylor Peak]

Comment 5 Jan Kardell 2019-08-05 13:20:26 UTC

You are spot on. On the X2 apache works after doing the following:

ethtool -K eth0 tx-scatter-gather on

The chips used are:

X2: 02:0f.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet (rev 10)

Ryzen: 03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)

i3: 02:00.0 Network controller: Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 34)

So are these defaults a bug, or is there a reason?

Comment 6 Jan Kardell 2019-08-06 10:32:33 UTC

Plugged in an Athlon64 from the junk pile and upgraded it to Leap 15.0, kernel kernel-default-4.12.14-lp150.11.4.x86_64. Tried with both tx-scatter-gather on and off, the sendfile call works in both cases. Is there a broken fallback in Leap 15.1?

Comment 7 Michael Hohmuth 2019-08-17 14:25:30 UTC

I observed the same problem with an AMD A8-3850 and an Ethernet controller that identifies as:
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)

"ethtool -K enp2s0 tx-scatter-gather on" fixes the problem.

Comment 8 Jan Kardell 2019-08-19 14:21:31 UTC

Played with the Athlon64 running Leap 15.0 a bit. It has an nVidia chipset and tx-scatter-gather is on by default:

00:05.0 Bridge: NVIDIA Corporation CK8S Ethernet Controller (rev a2)

I tried different kernels with tx-scatter-gather disabled and finds:

kernel-default-4.12.14-lp150.12.70.1.x86_64  sendfile works
kernel-default-4.12.14-lp151.26.4.x86_64  sendfile fails
kernel-default-4.12.14-lp151.27.3.x86_64  sendfile fails
kernel-default-4.12.14-lp151.28.4.1.x86_64  sendfile fails

So it seems to me that something is broken in the Leap 15.1 kernel.

Comment 9 Tony Skilton 2019-08-27 16:09:06 UTC

I just wanted to add.

I've seen the same behaviour on my server.

I'm running an Intel Celeron E1200 dual core CPU though.

And
Model: "Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC"

Running the ethtool command as described in this thread has fixed the problem.

Comment 10 Andreas Hasenkopf 2019-09-19 10:28:10 UTC

This problem also occurs with this combination:

* SLES 15 SP1
* Intel(R) Core(TM) i7-3770 
* SysKonnect SK-9872 Gigabit Ethernet Server Adapter (SK-NET GE-ZX dual link)

Comment 11 Stefan Seyfried 2020-02-22 11:46:12 UTC

bug#1164617 is probably a duplicate of this one.

Comment 12 Michal Kubeček 2020-02-23 01:26:20 UTC

Just a quick update: tracing results indicate that the problem seems to be
related to SLE15-SP1 (and therefore also openSUSE-15.1) having backport of
mainline commit

  306b13eb3cf9  proto_ops: Add locked held versions of sendmsg and sendpage

but not

  45f91bdcd5c5  net: add sendmsg_locked and sendpage_locked to af_inet6

(Apache uses IPv6 wildcard listening socket by default). I haven't checked if
the commit above fixes the issue but when I explicitly let Apache listen only
on and IPv4 address, sendfile() works fine even with scatter-gather disabled.

Comment 13 Michal Kubeček 2020-02-23 01:27:46 UTC

*** Bug 1164617 has been marked as a duplicate of this bug. ***

Comment 14 Michal Kubeček 2020-02-24 13:10:27 UTC

The long story is that we have this stack

  sock_sendpage()
    kernel_sendpage()
      inet_sendpage()
        tcp_sendpage()
          tcp_sendpage_locked()

and in tcp_sendpage_locked():

        if (!(sk->sk_route_caps & NETIF_F_SG) ||
            !sk_check_csum_caps(sk))
                return sock_no_sendpage_locked(sk, page, offset, size, flags);

so if scatter-gather is disabled, sock_no_sendpage_locked() is called...

            sock_no_sendpage_locked()
              kernel_sendmsg_locked()

and kernel_sendmsg_locked() has

        if (!sock->ops->sendmsg_locked)
                return sock_no_sendmsg_locked(sk, msg, size);

Now the tricky part is that even if it's a TCPv4 connection, Apache uses IPv6
wildcard socket by default so that sock-ops are inet6_stream_ops rather than
inet_stream_ops and without commit 45f91bdcd5c5 ("net: add sendmsg_locked and
sendpage_locked to af_inet6"), these have no sendmsg_locked callback so that
we call sock_no_sendmsg_locked() which just returns -EOPNOTSUPP.

Submitted the missing patch to SLE15-SP1 branch, SLE12-SP5 and openSUSE-15.1
will inherit it from there.

Comment 15 Michal Kubeček 2020-02-25 09:49:45 UTC

The fix is in openSUSE-15.1 git branch now so that it will reach a maintenance
update eventually. Closing.

Comment 18 Swamp Workflow Management 2020-02-27 17:33:55 UTC

SUSE-SU-2020:0511-1: An update that solves 34 vulnerabilities and has 170 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.27.1, kernel-source-azure-4.12.14-8.27.1, kernel-syms-azure-4.12.14-8.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Pavel Janik 2020-02-29 19:50:45 UTC

We were hit by this problem too.

In our case, Apache returned correct Content-Length but did not return any data afterwards (styles, javascript files etc). Setup is exactly as Michal describes, Apache listening on both IP4 and IP6. We disabled sendfile support in Apache and while investigating the issue in the kernel in the latest SUSE provided SP, we found this issue.

Michal perfectly described the issue and saved us a lot of time.

Thanks Michal. Greetings to ex-colleagues :-)

Comment 21 Swamp Workflow Management 2020-03-02 17:24:47 UTC

SUSE-SU-2020:0558-1: An update that solves 15 vulnerabilities and has 150 fixes is now available.

Category: security (important)
Bug References: 1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114648,1114685,1118338,1123328,1127682,1129551,1133021,1133147,1140025,1142685,1144162,1144333,1151927,1153535,1153917,1154243,1154601,1156609,1157155,1157157,1157424,1157480,1157692,1157966,1158013,1158026,1158071,1159028,1159096,1159271,1159377,1159394,1159588,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161875,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162171,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16994,CVE-2019-19036,CVE-2019-19045,CVE-2019-19054,CVE-2019-19318,CVE-2019-19927,CVE-2019-19965,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.10.1, kernel-source-azure-4.12.14-16.10.1, kernel-syms-azure-4.12.14-16.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2020-03-02 20:21:02 UTC

SUSE-SU-2020:0560-1: An update that solves 36 vulnerabilities and has 196 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1146519,1146544,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-livepatch-SLE15-SP1_Update_9-1-3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2020-03-02 20:52:54 UTC

SUSE-SU-2020:0560-1: An update that solves 36 vulnerabilities and has 196 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1146519,1146544,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.34.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-debug-4.12.14-197.34.1, kernel-default-4.12.14-197.34.1, kernel-docs-4.12.14-197.34.1, kernel-kvmsmall-4.12.14-197.34.1, kernel-obs-qa-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-vanilla-4.12.14-197.34.1, kernel-zfcpdump-4.12.14-197.34.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-livepatch-SLE15-SP1_Update_9-1-3.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.34.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.34.1, kernel-obs-build-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-syms-4.12.14-197.34.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.34.1, kernel-source-4.12.14-197.34.1, kernel-zfcpdump-4.12.14-197.34.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Michal Kubeček 2020-03-04 06:30:39 UTC

*** Bug 1160035 has been marked as a duplicate of this bug. ***

Comment 25 Pavel Novak 2020-03-05 23:26:26 UTC

Still can't find new kernel-default with this patch for 12SP5 (I see only the one for Azure). Do I something wrong or when can I see/find/ask/wait for it? I am sorry if it's an unrelated question here.

Comment 26 Swamp Workflow Management 2020-03-06 19:14:30 UTC

This is an autogenerated message for OBS integration:
This bug (1144162) was mentioned in
https://build.opensuse.org/request/show/782233 15.1 / kernel-source

Comment 28 Swamp Workflow Management 2020-03-13 11:47:13 UTC

SUSE-SU-2020:0667-1: An update that solves 6 vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1050549,1051510,1061840,1065600,1065729,1071995,1085030,1088810,1105392,1111666,1112178,1112504,1114279,1114648,1118338,1127682,1129551,1133021,1133147,1140025,1142685,1144162,1152107,1153535,1154243,1156609,1157042,1157158,1157424,1157480,1157966,1158013,1159271,1159955,1160218,1160979,1161360,1161552,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162067,1162109,1162139,1162171,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2019-14895,CVE-2019-16746,CVE-2020-2732,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.5.1, kernel-rt_debug-4.12.14-10.5.1, kernel-source-rt-4.12.14-10.5.1, kernel-syms-rt-4.12.14-10.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2020-03-13 12:07:58 UTC

openSUSE-SU-2020:0336-1: An update that solves 35 vulnerabilities and has 194 fixes is now available.

Category: security (important)
Bug References: 1046303,1050244,1050549,1051510,1051858,1060463,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1103992,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1129770,1133021,1133147,1134090,1134973,1136157,1136333,1140025,1142685,1143959,1144162,1144333,1146539,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158533,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160659,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1161951,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1165404,1165488,1165527,1165813,1165881
CVE References: CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.40.1, kernel-default-4.12.14-lp151.28.40.1, kernel-docs-4.12.14-lp151.28.40.1, kernel-kvmsmall-4.12.14-lp151.28.40.1, kernel-obs-build-4.12.14-lp151.28.40.1, kernel-obs-qa-4.12.14-lp151.28.40.1, kernel-source-4.12.14-lp151.28.40.1, kernel-syms-4.12.14-lp151.28.40.1, kernel-vanilla-4.12.14-lp151.28.40.1

Comment 30 Swamp Workflow Management 2020-03-13 18:24:40 UTC

SUSE-SU-2020:0688-1: An update that solves three vulnerabilities and has 84 fixes is now available.

Category: security (moderate)
Bug References: 1050549,1051510,1061840,1065600,1065729,1071995,1088810,1105392,1111666,1112178,1112504,1114279,1118338,1133021,1133147,1140025,1142685,1144162,1157424,1157480,1157966,1158013,1159271,1160218,1160979,1161360,1161702,1161907,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735
CVE References: CVE-2020-2732,CVE-2020-8648,CVE-2020-8992
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.20.1, kernel-rt_debug-4.12.14-14.20.1, kernel-source-rt-4.12.14-14.20.1, kernel-syms-rt-4.12.14-14.20.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.20.1, kernel-rt_debug-4.12.14-14.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Ali Abdallah 2020-04-28 08:30:38 UTC

*** Bug 1167480 has been marked as a duplicate of this bug. ***

Comment 33 Swamp Workflow Management 2020-04-29 16:48:27 UTC

SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2020-04-29 17:12:55 UTC

SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.20.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.20.1, kernel-obs-build-4.12.14-122.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kernel-source-4.12.14-122.20.1, kernel-syms-4.12.14-122.20.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 37 Swamp Workflow Management 2022-12-15 17:22:17 UTC

SUSE-FU-2022:4496-1: An update that solves 7 vulnerabilities, contains three features and has 54 fixes is now available.

Category: feature (moderate)
Bug References: 1045605,1124793,1131489,1138452,1144162,1152800,1154768,1154824,1155181,1155990,1156353,1157778,1158890,1159356,1159891,1162119,1163403,1163508,1164692,1167689,1175623,1176021,1176140,1176375,1176579,1177369,1177753,1179170,1180894,1182194,1182905,1182917,1183405,1183464,1184594,1185357,1185593,1185594,1185684,1185758,1185857,1186034,1186312,1186316,1186317,1186420,1186442,1186792,1187194,1187508,1187983,1189394,1189483,1189889,1190260,1190460,1191005,1191199,1193878,1196730,1196873
CVE References: CVE-2020-0543,CVE-2020-0548,CVE-2020-0549,CVE-2020-12351,CVE-2020-12352,CVE-2020-1472,CVE-2020-24490
JIRA References: SLE-21579,SLE-24335,SLE-25064
Sources used:
openSUSE Leap 15.3 (src):    sca-patterns-base-1.5.0-150300.10.3.1, sca-patterns-hae-1.5.1-150300.10.3.1, sca-patterns-sle11-1.5.1-150300.18.3.1, sca-patterns-sle12-1.5.1-150300.3.3.1, sca-patterns-sle15-1.5.1-150300.14.3.1, sca-patterns-suma-1.5.0-150300.9.3.1, sca-server-report-1.5.1-150300.11.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    sca-patterns-base-1.5.0-150300.10.3.1, sca-patterns-hae-1.5.1-150300.10.3.1, sca-patterns-sle11-1.5.1-150300.18.3.1, sca-patterns-sle12-1.5.1-150300.3.3.1, sca-patterns-sle15-1.5.1-150300.14.3.1, sca-patterns-suma-1.5.0-150300.9.3.1, sca-server-report-1.5.1-150300.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.