1179601 – (CVE-2020-27786) VUL-0: CVE-2020-27786: kernel-source: use-after-free in kernel midi subsystem snd_rawmidi_kernel_read1()

Bug 1179601 (CVE-2020-27786) - VUL-0: CVE-2020-27786: kernel-source: use-after-free in kernel midi subsystem snd_rawmidi_kernel_read1()

Summary: VUL-0: CVE-2020-27786: kernel-source: use-after-free in kernel midi subsystem...

Status:	RESOLVED FIXED

Alias:	CVE-2020-27786

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/272654/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-27786:7.8:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-12-04 12:26 UTC by Robert Frohl
Modified:	2024-06-25 15:29 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2020-12-04 12:26:01 UTC

rh#1900933

A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free.  A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.

This would only affect systems that have attached local MIDI hardware with the midi kernel modules loaded.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1900933
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27786
http://seclists.org/oss-sec/2020/q4/179
https://access.redhat.com/security/cve/CVE-2020-27786

Comment 1 Robert Frohl 2020-12-04 12:27:34 UTC

@Takashi: I am wondering if i missed the original bug, or if this is the first bug is the primary one

Comment 2 Takashi Iwai 2020-12-04 13:57:34 UTC

(In reply to Robert Frohl from comment #1)
> @Takashi: I am wondering if i missed the original bug, or if this is the
> first bug is the primary one

Sorry, which one are you referring to the original bug?

AFAIU, it's about the bug reported at
  https://lore.kernel.org/r/CAFcO6XMWpUVK_yzzCpp8_XP7+=oUpQvuBeCbMffEDkpe8jWrfg@mail.gmail.com

And the fix is the upstream commit c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d.

SLE15-SP1 and SLE15-SP2 already contain the fix.

Comment 3 Robert Frohl 2020-12-04 15:26:01 UTC

(In reply to Takashi Iwai from comment #2)
> (In reply to Robert Frohl from comment #1)
> > @Takashi: I am wondering if i missed the original bug, or if this is the
> > first bug is the primary one
> 
> Sorry, which one are you referring to the original bug?
> 
> AFAIU, it's about the bug reported at
>  
> https://lore.kernel.org/r/
> CAFcO6XMWpUVK_yzzCpp8_XP7+=oUpQvuBeCbMffEDkpe8jWrfg@mail.gmail.com
> 
> And the fix is the upstream commit c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d.
> 
> SLE15-SP1 and SLE15-SP2 already contain the fix.

I thought there might already have been a SUSE bug for it that I just did not locate.

Comment 4 Takashi Iwai 2020-12-04 15:30:30 UTC

The patch references are updated for SLE15-SP1 and SLE15-SP2.
The fix is backported to cve/linux-4.12, cve/linux-4.4, cve/linux-3.12, cve/linux-3.0, cve/linux-2.6.32 and cve/linux-2.6.16.

Reassigned back to security team.

Comment 6 Swamp Workflow Management 2020-12-11 17:30:35 UTC

SUSE-SU-2020:3764-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1139944,1149032,1152489,1153274,1154353,1155518,1158775,1160634,1161099,1167773,1170139,1171558,1173504,1174852,1175721,1175918,1175995,1176109,1176200,1176481,1176586,1176855,1176956,1177066,1177070,1177353,1177397,1177666,1178182,1178203,1178227,1178286,1178401,1178426,1178590,1178634,1178635,1178653,1178669,1178740,1178755,1178756,1178762,1178782,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,1179578,1179601,1179639
CVE References: CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-25705,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28941,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-19.1, kernel-rt_debug-5.3.18-19.1, kernel-source-rt-5.3.18-19.1, kernel-syms-rt-5.3.18-19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2020-12-11 20:22:42 UTC

SUSE-SU-2020:3766-1: An update that solves 11 vulnerabilities and has 68 fixes is now available.

Category: security (important)
Bug References: 1050242,1050536,1050545,1050549,1056653,1056657,1056787,1064802,1066129,1067665,1103990,1103992,1104389,1104393,1109837,1110096,1111666,1112178,1112374,1118657,1122971,1136460,1136461,1139944,1158775,1170139,1170630,1172542,1172873,1174726,1174852,1175916,1176109,1176558,1176559,1176956,1177304,1177397,1177666,1177805,1177808,1177809,1177819,1177820,1178182,1178270,1178589,1178590,1178634,1178635,1178669,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179204,1179211,1179213,1179259,1179403,1179406,1179418,1179419,1179421,1179424,1179426,1179427,1179429,1179520,1179578,1179601,1179663
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.25.1, kernel-rt_debug-4.12.14-10.25.1, kernel-source-rt-4.12.14-10.25.1, kernel-syms-rt-4.12.14-10.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2020-12-14 23:28:35 UTC

SUSE-SU-2020:3798-1: An update that solves 11 vulnerabilities and has 80 fixes is now available.

Category: security (important)
Bug References: 1050242,1050536,1050545,1050549,1056653,1056657,1056787,1064802,1066129,1067665,1103990,1103992,1104389,1104393,1109837,1110096,1111666,1112178,1112374,1118657,1122971,1136460,1136461,1139944,1158775,1170139,1170630,1172542,1172694,1174726,1174852,1175916,1176109,1176558,1176559,1176956,1177304,1177397,1177666,1177805,1177808,1177819,1177820,1178182,1178270,1178589,1178590,1178634,1178635,1178669,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179204,1179211,1179213,1179259,1179403,1179406,1179418,1179419,1179421,1179424,1179426,1179427,1179429,1179520,1179578,1179601,1179616,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.44.2, kernel-rt_debug-4.12.14-14.44.2, kernel-source-rt-4.12.14-14.44.2, kernel-syms-rt-4.12.14-14.44.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2021-01-12 23:26:36 UTC

SUSE-SU-2021:0098-1: An update that solves 14 vulnerabilities and has 86 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1111666,1112178,1112374,1114648,1115431,1118657,1122971,1136460,1136461,1138374,1139944,1152457,1158775,1164780,1171078,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179141,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179429,1179444,1179520,1179578,1179601,1179616,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180117,1180258,1180506
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-15436,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-29371,CVE-2020-29660,CVE-2020-29661,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.41.1, kernel-source-azure-4.12.14-16.41.1, kernel-syms-azure-4.12.14-16.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2021-01-12 23:38:52 UTC

SUSE-SU-2021:0097-1: An update that solves 15 vulnerabilities and has 83 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1111666,1112178,1112374,1115431,1118657,1122971,1136460,1136461,1138374,1139944,1144912,1152457,1158775,1164780,1168952,1171078,1172145,1172538,1172694,1173834,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179141,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179429,1179444,1179520,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-29371,CVE-2020-29660,CVE-2020-29661,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.58.1, kernel-source-azure-4.12.14-8.58.1, kernel-syms-azure-4.12.14-8.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Swamp Workflow Management 2021-01-12 23:48:01 UTC

SUSE-SU-2021:0096-1: An update that solves 12 vulnerabilities and has 93 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178590,1178612,1178634,1178660,1178756,1178780,1179204,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.32.1, kernel-source-azure-5.3.18-18.32.1, kernel-syms-azure-5.3.18-18.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 OBSbugzilla Bot 2021-01-13 07:54:14 UTC

This is an autogenerated message for OBS integration:
This bug (1179601) was mentioned in
https://build.opensuse.org/request/show/862807 15.1 / kernel-source

Comment 22 OBSbugzilla Bot 2021-01-13 16:25:26 UTC

This is an autogenerated message for OBS integration:
This bug (1179601) was mentioned in
https://build.opensuse.org/request/show/862934 15.2 / kernel-source

Comment 23 Swamp Workflow Management 2021-01-14 08:22:35 UTC

SUSE-SU-2021:0117-1: An update that solves 15 vulnerabilities and has 98 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-livepatch-SLE15-SP2_Update_9-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.46.1, kernel-obs-build-5.3.18-24.46.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1, kernel-syms-5.3.18-24.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-default-base-5.3.18-24.46.1.9.19.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-01-14 08:35:20 UTC

SUSE-SU-2021:0118-1: An update that solves 14 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.78.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.78.1, kernel-livepatch-SLE15-SP1_Update_21-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.78.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.78.1, kernel-obs-build-4.12.14-197.78.1, kernel-source-4.12.14-197.78.1, kernel-syms-4.12.14-197.78.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.78.1, kernel-source-4.12.14-197.78.1, kernel-zfcpdump-4.12.14-197.78.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-01-15 02:22:05 UTC

openSUSE-SU-2021:0060-1: An update that solves 17 vulnerabilities and has 99 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175389,1175480,1175995,1176396,1176846,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179878,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,1180773
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-27835,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.60.1, kernel-default-5.3.18-lp152.60.1, kernel-docs-5.3.18-lp152.60.1, kernel-kvmsmall-5.3.18-lp152.60.1, kernel-obs-build-5.3.18-lp152.60.1, kernel-obs-qa-5.3.18-lp152.60.1, kernel-preempt-5.3.18-lp152.60.1, kernel-source-5.3.18-lp152.60.1, kernel-syms-5.3.18-lp152.60.1

Comment 26 Swamp Workflow Management 2021-01-15 11:24:32 UTC

SUSE-SU-2021:0133-1: An update that solves 14 vulnerabilities and has 85 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1114648,1115431,1118657,1122971,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179444,1179520,1179578,1179601,1179616,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559
CVE References: CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.57.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.57.1, kernel-obs-build-4.12.14-122.57.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.57.1, kernel-source-4.12.14-122.57.1, kernel-syms-4.12.14-122.57.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.57.1, kgraft-patch-SLE12-SP5_Update_14-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-01-16 14:22:13 UTC

openSUSE-SU-2021:0075-1: An update that solves 17 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1112178,1115431,1129770,1138374,1139944,1144912,1152457,1163727,1164780,1168952,1171078,1172145,1172538,1172694,1174784,1176558,1176559,1176846,1176956,1177666,1178049,1178270,1178372,1178401,1178590,1178634,1178762,1178900,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179444,1179508,1179509,1179520,1179575,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,1180676
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.91.1, kernel-default-4.12.14-lp151.28.91.1, kernel-docs-4.12.14-lp151.28.91.1, kernel-kvmsmall-4.12.14-lp151.28.91.1, kernel-obs-build-4.12.14-lp151.28.91.1, kernel-obs-qa-4.12.14-lp151.28.91.1, kernel-source-4.12.14-lp151.28.91.1, kernel-syms-4.12.14-lp151.28.91.1, kernel-vanilla-4.12.14-lp151.28.91.1

Comment 30 Takashi Iwai 2021-02-01 13:30:19 UTC

Nicolai pointed a bug in the backport to older kernels (cve/linux-4.12 and older branches) while SLE15-SP1 and newer are correct.

In the old code, the buffer resize is performed in both snd_rawmidi_input_params() and snd_rawmidi_output_params(), while the patch changes only the latter.  In the new code, it's unified in another helper, hence we needed to change only one place, while the old code needs the changes in both places.

The patch was refreshed and pushed out to my for-next branches.

Comment 38 Swamp Workflow Management 2021-02-05 21:41:45 UTC

openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1

Comment 43 Swamp Workflow Management 2021-02-11 14:20:45 UTC

SUSE-SU-2021:0434-1: An update that solves 26 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1158775,1163727,1171979,1176395,1176846,1176962,1177304,1177666,1178036,1178182,1178198,1178372,1178589,1178590,1178684,1178886,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kgraft-patch-SLE12-SP4_Update_18-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-02-11 20:21:33 UTC

SUSE-SU-2021:0437-1: An update that solves 26 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1070943,1121826,1121872,1157298,1168952,1173942,1176395,1176485,1177411,1178123,1178182,1178589,1178622,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1181349,969755
CVE References: CVE-2019-19063,CVE-2019-20934,CVE-2019-6133,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25668,CVE-2020-25669,CVE-2020-27068,CVE-2020-27673,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.149.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 45 Swamp Workflow Management 2021-02-11 20:35:38 UTC

SUSE-SU-2021:0438-1: An update that solves 29 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1163840,1168952,1172199,1173074,1173942,1176395,1176846,1177666,1178182,1178272,1178372,1178589,1178590,1178684,1178886,1179071,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20806,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-10781,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1, kernel-zfcpdump-4.12.14-150.66.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.66.1, kernel-livepatch-SLE15_Update_22-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2021-02-12 20:18:04 UTC

SUSE-SU-2021:0452-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1105322,1105323,1139944,1168952,1173942,1175306,1176395,1176485,1177440,1177666,1178182,1178272,1178589,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180815,1181096,1181158,1181349,1181553,969755
CVE References: CVE-2018-10902,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.138.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2021-02-16 20:20:23 UTC

SUSE-SU-2021:14630-1: An update that solves 28 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1152107,1168952,1173659,1173942,1174205,1174247,1174993,1175691,1176011,1176012,1176235,1176253,1176278,1176395,1176423,1176482,1176485,1176722,1176896,1177206,1177226,1177666,1177766,1177906,1178123,1178182,1178589,1178590,1178622,1178886,1179107,1179140,1179141,1179419,1179601,1179616,1179745,1179877,1180029,1180030,1180052,1180086,1180559,1180562,1181158,1181166,1181349,1181553
CVE References: CVE-2019-16746,CVE-2020-0404,CVE-2020-0431,CVE-2020-0465,CVE-2020-11668,CVE-2020-14331,CVE-2020-14353,CVE-2020-14381,CVE-2020-14390,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25284,CVE-2020-25285,CVE-2020-25643,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28974,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.120.1, kernel-default-3.0.101-108.120.1, kernel-ec2-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-source-3.0.101-108.120.1, kernel-syms-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.120.1, kernel-default-3.0.101-108.120.1, kernel-ec2-3.0.101-108.120.1, kernel-pae-3.0.101-108.120.1, kernel-ppc64-3.0.101-108.120.1, kernel-trace-3.0.101-108.120.1, kernel-xen-3.0.101-108.120.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 58 Gabriele Sonnu 2022-04-07 13:10:33 UTC

Done.