1187038 – (CVE-2020-36386) VUL-0: CVE-2020-36386: kernel-source-rt,kernel-source-azure,kernel-source: An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf

Bug 1187038 (CVE-2020-36386) - VUL-0: CVE-2020-36386: kernel-source-rt,kernel-source-azure,kernel-source: An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf

Summary: VUL-0: CVE-2020-36386: kernel-source-rt,kernel-source-azure,kernel-source: An...

Status:	RESOLVED FIXED

Alias:	CVE-2020-36386

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/301364/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-36386:5.1:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-06-08 11:39 UTC by Marcus Meissner
Modified:	2024-06-25 16:07 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2021-06-08 11:39:54 UTC

CVE-2020-36386

An issue was discovered in the Linux kernel before 5.8.1.
net/bluetooth/hci_event.c has a slab out-of-bounds read in
hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36386
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101
https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000
https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt
https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2

Comment 1 Marcus Meissner 2021-06-08 12:26:40 UTC

not sure which are affected, buzt the function itself is very old.

Comment 2 Takashi Iwai 2021-06-08 12:36:42 UTC

Indeed the function originated from 2.6.14, so all kernels may be affected.

SLE15-SP2/SP3 already contain the backport via git-fixes.  Older branches need the backport.

Comment 3 Takashi Iwai 2021-06-08 12:47:39 UTC

The reference was updated on SLE15-SP2 branch.

The fix was backported to cve/linux-4.12, cve/linux-4.4, cve/linux-3.0, cve/linux-2.6.32 and cve/linux-2.6.16 branches.

Reassigned back to security team.

Comment 11 Swamp Workflow Management 2021-06-28 19:33:43 UTC

openSUSE-SU-2021:2184-1: An update that solves four vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1087082,1152489,1154353,1174978,1176447,1176771,1177666,1178134,1178378,1178612,1179610,1182999,1183712,1184259,1184436,1184631,1185195,1185428,1185497,1185570,1185589,1185675,1185701,1186155,1186286,1186460,1186463,1186472,1186501,1186672,1186677,1186681,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-64kb-5.3.18-59.10.1, kernel-debug-5.3.18-59.10.1, kernel-default-5.3.18-59.10.1, kernel-default-base-5.3.18-59.10.1.18.4.2, kernel-docs-5.3.18-59.10.1, kernel-kvmsmall-5.3.18-59.10.1, kernel-obs-build-5.3.18-59.10.1, kernel-obs-qa-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-syms-5.3.18-59.10.1, kernel-zfcpdump-5.3.18-59.10.1

Comment 12 Swamp Workflow Management 2021-06-28 20:06:51 UTC

SUSE-SU-2021:2184-1: An update that solves four vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1087082,1152489,1154353,1174978,1176447,1176771,1177666,1178134,1178378,1178612,1179610,1182999,1183712,1184259,1184436,1184631,1185195,1185428,1185497,1185570,1185589,1185675,1185701,1186155,1186286,1186460,1186463,1186472,1186501,1186672,1186677,1186681,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.10.1, kernel-livepatch-SLE15-SP3_Update_2-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.10.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.10.1, kernel-obs-build-5.3.18-59.10.1, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-syms-5.3.18-59.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.10.1, kernel-default-5.3.18-59.10.1, kernel-default-base-5.3.18-59.10.1.18.4.2, kernel-preempt-5.3.18-59.10.1, kernel-source-5.3.18-59.10.1, kernel-zfcpdump-5.3.18-59.10.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2021-06-30 13:39:08 UTC

SUSE-SU-2021:2202-1: An update that solves four vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1152489,1154353,1174978,1176447,1176771,1178134,1178612,1179610,1183712,1184259,1184436,1184631,1185195,1185570,1185589,1185675,1185701,1186155,1186286,1186463,1186472,1186672,1186677,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.8.1, kernel-source-azure-5.3.18-38.8.1, kernel-syms-azure-5.3.18-38.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2021-06-30 14:13:44 UTC

openSUSE-SU-2021:2202-1: An update that solves four vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1152489,1154353,1174978,1176447,1176771,1178134,1178612,1179610,1183712,1184259,1184436,1184631,1185195,1185570,1185589,1185675,1185701,1186155,1186286,1186463,1186472,1186672,1186677,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.8.1, kernel-source-azure-5.3.18-38.8.1, kernel-syms-azure-5.3.18-38.8.1

Comment 21 OBSbugzilla Bot 2021-07-07 10:55:39 UTC

This is an autogenerated message for OBS integration:
This bug (1187038) was mentioned in
https://build.opensuse.org/request/show/904571 15.2 / kernel-source

Comment 24 Swamp Workflow Management 2021-07-08 13:30:52 UTC

openSUSE-SU-2021:0985-1: An update that solves 10 vulnerabilities and has 103 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184436,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1185861,1185863,1186206,1186286,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.81.1, kernel-default-5.3.18-lp152.81.1, kernel-default-base-5.3.18-lp152.81.1.lp152.8.36.1, kernel-docs-5.3.18-lp152.81.1, kernel-kvmsmall-5.3.18-lp152.81.1, kernel-obs-build-5.3.18-lp152.81.1, kernel-obs-qa-5.3.18-lp152.81.1, kernel-preempt-5.3.18-lp152.81.1, kernel-source-5.3.18-lp152.81.1, kernel-syms-5.3.18-lp152.81.1

Comment 27 Swamp Workflow Management 2021-07-13 13:25:11 UTC

SUSE-SU-2021:2303-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.53.1, kernel-source-azure-5.3.18-18.53.1, kernel-syms-azure-5.3.18-18.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-07-13 13:36:33 UTC

SUSE-SU-2021:14764-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1184081,1184391,1184611,1185859,1185861,1185862,1185863,1186062,1187038,1187452,1187595
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-36386,CVE-2021-0512,CVE-2021-29154,CVE-2021-32399,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.129.1, kernel-default-3.0.101-108.129.1, kernel-ec2-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-source-3.0.101-108.129.1, kernel-syms-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.129.1, kernel-default-3.0.101-108.129.1, kernel-ec2-3.0.101-108.129.1, kernel-pae-3.0.101-108.129.1, kernel-ppc64-3.0.101-108.129.1, kernel-trace-3.0.101-108.129.1, kernel-xen-3.0.101-108.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2021-07-14 19:25:43 UTC

SUSE-SU-2021:2325-1: An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-livepatch-SLE15-SP2_Update_16-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.70.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.70.1, kernel-obs-build-5.3.18-24.70.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1, kernel-syms-5.3.18-24.70.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.70.1, kernel-default-base-5.3.18-24.70.1.9.32.1, kernel-preempt-5.3.18-24.70.1, kernel-source-5.3.18-24.70.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.70.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2021-07-14 19:37:21 UTC

SUSE-SU-2021:2321-1: An update that solves 9 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.62.1, kernel-source-azure-4.12.14-16.62.1, kernel-syms-azure-4.12.14-16.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2021-07-14 19:48:00 UTC

SUSE-SU-2021:2349-1: An update that solves 9 vulnerabilities and has 79 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1184040,1185428,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-4.12.14-10.49.1
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.49.1, kernel-rt_debug-4.12.14-10.49.1, kernel-source-rt-4.12.14-10.49.1, kernel-syms-rt-4.12.14-10.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Swamp Workflow Management 2021-07-14 20:25:54 UTC

SUSE-SU-2021:2324-1: An update that solves 9 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1103990,1103991,1104353,1113994,1114648,1129770,1135481,1136345,1174978,1179610,1182470,1185486,1185677,1185701,1185861,1185863,1186206,1186264,1186463,1186515,1186516,1186517,1186518,1186519,1186520,1186521,1186522,1186523,1186524,1186525,1186526,1186527,1186528,1186529,1186530,1186531,1186532,1186533,1186534,1186535,1186537,1186538,1186539,1186540,1186541,1186542,1186543,1186545,1186546,1186547,1186548,1186549,1186550,1186551,1186552,1186554,1186555,1186556,1186627,1186635,1186638,1186698,1186699,1186700,1186701,1187038,1187049,1187402,1187404,1187407,1187408,1187409,1187411,1187412,1187452,1187453,1187455,1187554,1187595,1187601,1187630,1187631,1187833,1187867,1187972,1188010
CVE References: CVE-2019-25045,CVE-2020-24588,CVE-2020-26558,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.77.1, kernel-obs-build-4.12.14-122.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kernel-source-4.12.14-122.77.1, kernel-syms-4.12.14-122.77.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.77.1, kgraft-patch-SLE12-SP5_Update_20-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Swamp Workflow Management 2021-07-20 16:38:10 UTC

SUSE-SU-2021:2406-1: An update that solves 20 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1179610,1180846,1184611,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186390,1186463,1187038,1187050,1187215,1187452,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.158.1, kernel-source-4.4.121-92.158.1, kernel-syms-4.4.121-92.158.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Swamp Workflow Management 2021-07-21 13:24:11 UTC

SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-07-21 13:30:53 UTC

openSUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.99.1, kernel-default-4.12.14-197.99.1, kernel-kvmsmall-4.12.14-197.99.1, kernel-vanilla-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1

Comment 45 Swamp Workflow Management 2021-07-21 13:46:15 UTC

SUSE-SU-2021:2426-1: An update that solves 9 vulnerabilities, contains 8 features and has 101 fixes is now available.

Category: security (important)
Bug References: 1152489,1153274,1154353,1155518,1164648,1174978,1176771,1179610,1182470,1183712,1184212,1184685,1185195,1185486,1185589,1185675,1185677,1185701,1186206,1186463,1186666,1186672,1186752,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187050,1187067,1187068,1187069,1187072,1187143,1187144,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187834,1187867,1187883,1187886,1187927,1187972,1187980
CVE References: CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573
JIRA References: ECO-3691,SLE-11493,SLE-11796,SLE-17882,SLE-7926,SLE-8371,SLE-8389,SLE-8464
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-42.2, kernel-rt_debug-5.3.18-42.2, kernel-source-rt-5.3.18-42.1, kernel-syms-rt-5.3.18-42.1, lttng-modules-2.10.10-1.5.1, oracleasm-2.0.8-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Swamp Workflow Management 2021-07-21 13:54:10 UTC

SUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-livepatch-SLE15-SP1_Update_26-1-3.3.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.99.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Swamp Workflow Management 2021-07-21 13:58:22 UTC

SUSE-SU-2021:2422-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1104967,1174978,1179610,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kgraft-patch-SLE12-SP4_Update_22-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Swamp Workflow Management 2021-07-22 16:22:14 UTC

SUSE-SU-2021:2451-1: An update that solves 20 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1115026,1175462,1179610,1184611,1185724,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186235,1186390,1186463,1187038,1187050,1187193,1187215,1187388,1187452,1187595,1187601,1187934,1188062,1188063,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.147.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Swamp Workflow Management 2021-08-10 13:45:15 UTC

SUSE-SU-2021:2643-1: An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153720,1170511,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185032,1185308,1185377,1185791,1185995,1186206,1186482,1186672,1187038,1187050,1187215,1187476,1187585,1187846,1188026,1188062,1188101,1188116,1188273,1188274,1188405,1188620,1188750,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36385,CVE-2020-36386,CVE-2021-22543,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: SLE-10538
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.54.1, kernel-rt_debug-4.12.14-10.54.1, kernel-source-rt-4.12.14-10.54.1, kernel-syms-rt-4.12.14-10.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Swamp Workflow Management 2021-08-10 13:54:30 UTC

SUSE-SU-2021:2647-1: An update that solves 5 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.83.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.83.1, kernel-obs-build-4.12.14-122.83.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.83.1, kernel-source-4.12.14-122.83.1, kernel-syms-4.12.14-122.83.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.83.1, kgraft-patch-SLE12-SP5_Update_22-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 54 Swamp Workflow Management 2021-08-10 13:59:17 UTC

SUSE-SU-2021:2644-1: An update that solves 5 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.68.1, kernel-source-azure-4.12.14-16.68.1, kernel-syms-azure-4.12.14-16.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 57 Gabriele Sonnu 2022-04-07 13:36:01 UTC

Done.

Comment 58 Gabriele Sonnu 2022-04-07 13:36:16 UTC

Closing.