1179508 – (CVE-2020-29568) VUL-0: CVE-2020-29568: kernel-source: Frontends can trigger OOM in Backends by update a watched path (XSA-349 v3)

Bug 1179508 (CVE-2020-29568) - VUL-0: CVE-2020-29568: kernel-source: Frontends can trigger OOM in Backends by update a watched path (XSA-349 v3)

Summary: VUL-0: CVE-2020-29568: kernel-source: Frontends can trigger OOM in Backends b...

Status:	RESOLVED FIXED

Alias:	CVE-2020-29568

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/272608/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-29568:6.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-12-02 09:34 UTC by Robert Frohl
Modified:	2024-06-25 15:28 UTC (History)
CC List:	9 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
SLE11-SP4 backports (4.85 KB, application/octet-stream) 2022-05-25 12:24 UTC, Jan Beulich	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Wolfgang Frisch 2020-12-15 13:14:29 UTC

via oss-security:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2020-29568 / XSA-349
                               version 3

 Frontends can trigger OOM in Backends by update a watched path

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Some OSes (such as Linux, FreeBSD, NetBSD) are processing watch events
using a single thread.  If the events are received faster than the thread
is able to handle, they will get queued.

As the queue is unbound, a guest may be able to trigger a OOM in
the backend.

IMPACT
======

A malicious guest can trigger an OOM in backends.

VULNERABLE SYSTEMS
==================

All systems with a FreeBSD, Linux, NetBSD dom0 are vulnerable.

All version of those OSes are vulnerable.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Michael Kurth and Pawel Wieczorkiewicz of
Amazon.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue for Linux.

Fixes for FreeBSD and NetBSD will be handled through their own
security process.

Fixes for FreeBSD and NetBSD will be handled through their own security
process.

xsa349/xsa349-linux-?.patch   Linux

$ sha256sum xsa349*/*
76f69574553137af8c9c7aecca3025d135b49c4a5316cc541e9e355576a21599  xsa349/xsa349-linux-1.patch
3ce2e1a88321993a3698b4608d2332fb5d43e0d82de73bc9f1700202782eba30  xsa349/xsa349-linux-2.patch
4bbaf62ed5e3442b310f80344b9d3ccd37f0a07827ed41907b44228130a610da  xsa349/xsa349-linux-3.patch
a7648214cea5d0340a29552df224230cf214d698fe2d7a8798f57444225afe32  xsa349/xsa349-linux-4.patch
ac32d02129821ed7db1b71c39b2c708399c0af809eefdb5bf0709f00736e7959  xsa349/xsa349-linux-5.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl/Yqd8MHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZxv0IAI1ELk5Zbx9SD7obwWo7r9G0QOE2fP6DtZnlIDsL
AsD1bssyosT5L0Xkk5+8tmt6gwRN3fjpAj24QNO/DrytHFSa42ELPmpEeQ63/LJL
UJwxC+fbAwWrk8JM99WqWQbgASBka9VSktVML/yU3K+IpBk4xTPulJ5J+R96QYoe
65zCFkbkw2HHFLzUlveY03031ckNshrmfX/rP7vFrjywdKkvt0wq/jRIESjiWfln
sIC+qc/FtOWfXywpcdYZmL3uPqcZViVXnv4lOZ4Meg5+IzJDPxPnYw/T1RRKjdyy
dBZvhv3DHGtdnI5Q3BGW6KOuHC4KBsWLX5pPWm6m5MCfHak=
=XeRA
-----END PGP SIGNATURE-----

Comment 4 OBSbugzilla Bot 2021-01-13 07:53:51 UTC

This is an autogenerated message for OBS integration:
This bug (1179508) was mentioned in
https://build.opensuse.org/request/show/862807 15.1 / kernel-source

Comment 5 Swamp Workflow Management 2021-01-16 14:21:44 UTC

openSUSE-SU-2021:0075-1: An update that solves 17 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1112178,1115431,1129770,1138374,1139944,1144912,1152457,1163727,1164780,1168952,1171078,1172145,1172538,1172694,1174784,1176558,1176559,1176846,1176956,1177666,1178049,1178270,1178372,1178401,1178590,1178634,1178762,1178900,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179444,1179508,1179509,1179520,1179575,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,1180676
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.91.1, kernel-default-4.12.14-lp151.28.91.1, kernel-docs-4.12.14-lp151.28.91.1, kernel-kvmsmall-4.12.14-lp151.28.91.1, kernel-obs-build-4.12.14-lp151.28.91.1, kernel-obs-qa-4.12.14-lp151.28.91.1, kernel-source-4.12.14-lp151.28.91.1, kernel-syms-4.12.14-lp151.28.91.1, kernel-vanilla-4.12.14-lp151.28.91.1

Comment 11 Jürgen Groß 2021-02-01 11:23:57 UTC

Patches are in the affected kernels.

Comment 16 OBSbugzilla Bot 2021-02-02 18:32:01 UTC

This is an autogenerated message for OBS integration:
This bug (1179508) was mentioned in
https://build.opensuse.org/request/show/868724 15.2 / kernel-source

Comment 24 Swamp Workflow Management 2021-02-05 22:02:02 UTC

openSUSE-SU-2021:0241-1: An update that solves 7 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1176395,1176831,1178142,1178631,1179142,1179396,1179508,1179509,1179567,1179572,1180130,1180264,1180412,1180759,1180765,1180809,1180812,1180848,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181584
CVE References: CVE-2020-25211,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.63.1, kernel-default-5.3.18-lp152.63.1, kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1, kernel-docs-5.3.18-lp152.63.1, kernel-kvmsmall-5.3.18-lp152.63.1, kernel-obs-build-5.3.18-lp152.63.1, kernel-obs-qa-5.3.18-lp152.63.1, kernel-preempt-5.3.18-lp152.63.1, kernel-source-5.3.18-lp152.63.1, kernel-syms-5.3.18-lp152.63.1

Comment 26 Swamp Workflow Management 2021-02-09 14:19:58 UTC

SUSE-SU-2021:0347-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163727,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180541,1180559,1180562,1180566,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.35.2, kernel-source-azure-5.3.18-18.35.2, kernel-syms-azure-5.3.18-18.35.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-02-09 14:37:11 UTC

SUSE-SU-2021:0348-1: An update that solves 9 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181553,901327
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.44.1, kernel-source-azure-4.12.14-16.44.1, kernel-syms-azure-4.12.14-16.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-02-09 20:23:01 UTC

SUSE-SU-2021:0353-1: An update that solves 8 vulnerabilities and has 68 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1149032,1174206,1176395,1176831,1176846,1178036,1178049,1178631,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181553
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.60.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.60.2, kernel-obs-build-4.12.14-122.60.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.60.1, kernel-source-4.12.14-122.60.1, kernel-syms-4.12.14-122.60.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.60.1, kgraft-patch-SLE12-SP5_Update_15-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2021-02-09 20:30:31 UTC

SUSE-SU-2021:0354-1: An update that solves 9 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178631,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.49.2
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.49.2, kernel-livepatch-SLE15-SP2_Update_10-1-5.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.49.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.49.3, kernel-obs-build-5.3.18-24.49.2, kernel-preempt-5.3.18-24.49.2, kernel-source-5.3.18-24.49.2, kernel-syms-5.3.18-24.49.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.49.2, kernel-default-base-5.3.18-24.49.2.9.21.2, kernel-preempt-5.3.18-24.49.2, kernel-source-5.3.18-24.49.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.49.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-02-10 20:25:27 UTC

SUSE-SU-2021:0427-1: An update that solves 10 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178372,1178631,1178684,1178995,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180676,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180964,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181544,1181553,1181584,1181645
CVE References: CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-25.1, kernel-rt_debug-5.3.18-25.1, kernel-source-rt-5.3.18-25.1, kernel-syms-rt-5.3.18-25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2021-02-11 14:20:30 UTC

SUSE-SU-2021:0434-1: An update that solves 26 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1158775,1163727,1171979,1176395,1176846,1176962,1177304,1177666,1178036,1178182,1178198,1178372,1178589,1178590,1178684,1178886,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.68.1, kernel-source-4.12.14-95.68.1, kernel-syms-4.12.14-95.68.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.68.1, kgraft-patch-SLE12-SP4_Update_18-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2021-02-11 14:32:52 UTC

SUSE-SU-2021:0433-1: An update that solves 10 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1144912,1149032,1163727,1172145,1174206,1176831,1176846,1178036,1178049,1178372,1178631,1178684,1178900,1179093,1179508,1179509,1179563,1179573,1179575,1179878,1180008,1180130,1180559,1180562,1180676,1180765,1180812,1180859,1180891,1180912,1181001,1181018,1181170,1181230,1181231,1181349,1181425,1181504,1181553,1181645
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-28374,CVE-2020-29568,CVE-2020-29569,CVE-2020-36158,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.31.1, kernel-rt_debug-4.12.14-10.31.1, kernel-source-rt-4.12.14-10.31.1, kernel-syms-rt-4.12.14-10.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Swamp Workflow Management 2021-02-11 20:21:21 UTC

SUSE-SU-2021:0437-1: An update that solves 26 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1070943,1121826,1121872,1157298,1168952,1173942,1176395,1176485,1177411,1178123,1178182,1178589,1178622,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1181349,969755
CVE References: CVE-2019-19063,CVE-2019-20934,CVE-2019-6133,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25668,CVE-2020-25669,CVE-2020-27068,CVE-2020-27673,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1, kgraft-patch-SLE12-SP2_Update_39-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.149.1, kernel-source-4.4.121-92.149.1, kernel-syms-4.4.121-92.149.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.149.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2021-02-11 20:35:25 UTC

SUSE-SU-2021:0438-1: An update that solves 29 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1144912,1149032,1163840,1168952,1172199,1173074,1173942,1176395,1176846,1177666,1178182,1178272,1178372,1178589,1178590,1178684,1178886,1179071,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645
CVE References: CVE-2019-20806,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-10781,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1, kernel-zfcpdump-4.12.14-150.66.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.66.1, kernel-livepatch-SLE15_Update_22-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.66.1, kernel-docs-4.12.14-150.66.1, kernel-obs-build-4.12.14-150.66.1, kernel-source-4.12.14-150.66.1, kernel-syms-4.12.14-150.66.1, kernel-vanilla-4.12.14-150.66.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 36 Swamp Workflow Management 2021-02-12 20:17:51 UTC

SUSE-SU-2021:0452-1: An update that solves 25 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1105322,1105323,1139944,1168952,1173942,1175306,1176395,1176485,1177440,1177666,1178182,1178272,1178589,1178886,1179107,1179140,1179141,1179204,1179419,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180815,1181096,1181158,1181349,1181553,969755
CVE References: CVE-2018-10902,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25285,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28915,CVE-2020-28974,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.138.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.138.1, kernel-source-4.4.180-94.138.1, kernel-syms-4.4.180-94.138.1, kgraft-patch-SLE12-SP3_Update_37-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 38 Swamp Workflow Management 2021-02-19 20:21:20 UTC

SUSE-SU-2021:0532-1: An update that solves 8 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046540,1046542,1046648,1050242,1050244,1050536,1050538,1050545,1056653,1056657,1056787,1064802,1066129,1073513,1074220,1075020,1086282,1086301,1086313,1086314,1098633,1103990,1103991,1103992,1104270,1104277,1104279,1104353,1104427,1104742,1104745,1109837,1111981,1112178,1112374,1113956,1119113,1126206,1126390,1127354,1127371,1129770,1136348,1149032,1174206,1176831,1176846,1178036,1178049,1178900,1179093,1179142,1179508,1179509,1179563,1179573,1179575,1179878,1180130,1180765,1180812,1180891,1180912,1181018,1181170,1181230,1181231,1181260,1181349,1181425,1181504,1181809
CVE References: CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1, kernel-zfcpdump-4.12.14-197.83.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.83.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1, kernel-zfcpdump-4.12.14-197.83.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.83.1, kernel-livepatch-SLE15-SP1_Update_22-1-3.5.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.83.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.83.1, kernel-docs-4.12.14-197.83.1, kernel-obs-build-4.12.14-197.83.1, kernel-source-4.12.14-197.83.1, kernel-syms-4.12.14-197.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Jan Beulich 2022-05-25 12:24:45 UTC

Created attachment 859216 [details]
SLE11-SP4 backports

Comment 44 Jan Beulich 2022-05-25 12:28:39 UTC

SLE11-SP4 is the environment which I can halfway reasonably make backports for, including some _limited_ testing. Since I've never worked with the SP3-TD branch, since I've found a few Xen related things in there which I'm not familiar with, and since the SP4 patches are generally expected to go painlessly also on SP3, I'd like to ask the branch maintainers to do the actual integration on the branch. Hence the change of assignee. Thanks.

Comment 45 Michal Hocko 2022-06-08 14:06:40 UTC

(In reply to Jan Beulich from comment #43)
> Created attachment 859216 [details]
> SLE11-SP4 backports

Could you send a pull req. for SLE11-SP4-LTSS branch please? I can try to cherry pick from there to SLE11-SP3-TD.

Thanks

Comment 49 Thomas Leroy 2022-08-25 08:53:28 UTC

Released