Bug 1186482 (CVE-2021-22543) - VUL-0: CVE-2021-22543: kernel-source,kernel-source-azure,kernel-source-rt: /dev/kvm LPE
Summary: VUL-0: CVE-2021-22543: kernel-source,kernel-source-azure,kernel-source-rt: /d...
Status: RESOLVED FIXED
Alias: CVE-2021-22543
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/300801/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-22543:8.4:(AV:...
Keywords:
Depends on:
Blocks: 1186483
  Show dependency treegraph
 
Reported: 2021-05-27 08:11 UTC by Marcus Meissner
Modified: 2024-06-25 16:03 UTC (History)
9 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2021-05-27 08:11:05 UTC 
CVE-2021-22543

An issue was discovered in the Linux: KVM through Improper handling of
VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being
freed while still accessible by the VMM and guest. This allows users with the
ability to start and control a VM to read/write random pages of memory and can
result in local privilege escalation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22543
http://seclists.org/oss-sec/2021/q2/167
http://www.openwall.com/lists/oss-security/2021/05/26/3
http://www.openwall.com/lists/oss-security/2021/05/26/4
http://www.cvedetails.com/cve/CVE-2021-22543/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
Comment 1 Marcus Meissner 2021-05-27 08:14:21 UTC 
4.8 and later according to the GHSA?
Comment 2 Petr Mladek 2021-07-07 13:50:12 UTC 
The following is mentioned at https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 :

  "Date fixed: RO bypass fixed on 2021-02-04. Improper freeing of pages fixed on 
  2021-06-26."


Where the 2nd part "Improper freeing of pages" seems to be fixed by
the upstream commit f8be156be163a052a06730 ("KVM: do not allow
mapping valid but non-reference-counted pages").

I am not sure how to find the fix for the 1st part. It has been committed before the issue has been disclosed so the CVE number was not mentioned in the commit.

Liang, could you please take care of this?
Comment 3 Liang Yan 2021-07-10 21:27:20 UTC 
The fix is upstream now:

https://github.com/torvalds/linux/commit/f8be156be163a052a067306417cd0ff679068c97
Comment 5 Liang Yan 2021-07-10 21:51:53 UTC 
The affected scope is pretty large:

LTSS:     (12SP4, 15, 15SP1)
Active:   12SP5, 15SP2, 15SP3
Comment 20 OBSbugzilla Bot 2021-08-09 21:31:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1186482) was mentioned in
https://build.opensuse.org/request/show/911105 15.2 / kernel-source
Comment 21 Swamp Workflow Management 2021-08-10 13:20:31 UTC 
openSUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1
Comment 22 Swamp Workflow Management 2021-08-10 13:29:22 UTC 
SUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2021-08-10 13:37:30 UTC 
SUSE-SU-2021:2646-1: An update that solves four vulnerabilities and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1185902,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.61.1, kernel-source-azure-5.3.18-18.61.1, kernel-syms-azure-5.3.18-18.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2021-08-10 13:45:00 UTC 
SUSE-SU-2021:2643-1: An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153720,1170511,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185032,1185308,1185377,1185791,1185995,1186206,1186482,1186672,1187038,1187050,1187215,1187476,1187585,1187846,1188026,1188062,1188101,1188116,1188273,1188274,1188405,1188620,1188750,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36385,CVE-2020-36386,CVE-2021-22543,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: SLE-10538
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.54.1, kernel-rt_debug-4.12.14-10.54.1, kernel-source-rt-4.12.14-10.54.1, kernel-syms-rt-4.12.14-10.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2021-08-10 13:54:09 UTC 
SUSE-SU-2021:2647-1: An update that solves 5 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.83.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.83.1, kernel-obs-build-4.12.14-122.83.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.83.1, kernel-source-4.12.14-122.83.1, kernel-syms-4.12.14-122.83.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.83.1, kgraft-patch-SLE12-SP5_Update_22-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2021-08-10 13:58:56 UTC 
SUSE-SU-2021:2644-1: An update that solves 5 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185377,1186206,1186482,1186483,1186672,1187038,1187476,1187846,1188026,1188101,1188405,1188620,1188750,1188838,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36386,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.68.1, kernel-source-azure-4.12.14-16.68.1, kernel-syms-azure-4.12.14-16.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2021-08-10 22:21:51 UTC 
openSUSE-SU-2021:1142-1: An update that solves 5 vulnerabilities and has 46 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1156395,1179243,1183871,1184114,1184350,1184631,1185377,1185902,1186194,1186264,1186482,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188838,1188842,1188876,1188885,1188973,1189021,1189057,1189077,802154
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-3679,CVE-2021-37576
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.87.1, kernel-default-5.3.18-lp152.87.1, kernel-default-base-5.3.18-lp152.87.1.lp152.8.40.1, kernel-docs-5.3.18-lp152.87.1, kernel-kvmsmall-5.3.18-lp152.87.1, kernel-obs-build-5.3.18-lp152.87.1, kernel-obs-qa-5.3.18-lp152.87.1, kernel-preempt-5.3.18-lp152.87.1, kernel-source-5.3.18-lp152.87.1, kernel-syms-5.3.18-lp152.87.1
Comment 28 Swamp Workflow Management 2021-08-12 16:21:12 UTC 
SUSE-SU-2021:2678-1: An update that solves 5 vulnerabilities and has 36 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1156395,1176940,1179243,1183871,1184114,1184350,1184631,1185377,1186194,1186482,1186483,1187476,1188062,1188063,1188101,1188257,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-33909,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-48.1
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-48.1, kernel-rt_debug-5.3.18-48.1, kernel-source-rt-5.3.18-48.1, kernel-syms-rt-5.3.18-48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2021-08-14 13:25:15 UTC 
openSUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.19.1, kernel-64kb-5.3.18-59.19.1, kernel-debug-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-docs-5.3.18-59.19.1, kernel-kvmsmall-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-obs-qa-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
Comment 30 Swamp Workflow Management 2021-08-14 13:34:23 UTC 
SUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.19.1, kernel-livepatch-SLE15-SP3_Update_5-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.19.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2021-08-17 16:22:28 UTC 
SUSE-SU-2021:2756-1: An update that solves four vulnerabilities and has 37 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.78.1, kernel-default-base-5.3.18-24.78.1.9.36.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.78.1, kernel-preempt-5.3.18-24.78.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.78.1, kernel-livepatch-SLE15-SP2_Update_18-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.78.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.78.1, kernel-obs-build-5.3.18-24.78.1, kernel-preempt-5.3.18-24.78.1, kernel-source-5.3.18-24.78.1, kernel-syms-5.3.18-24.78.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.78.1, kernel-default-base-5.3.18-24.78.1.9.36.1, kernel-preempt-5.3.18-24.78.1, kernel-source-5.3.18-24.78.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2021-12-02 11:22:28 UTC 
openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
Comment 42 Swamp Workflow Management 2021-12-02 11:34:42 UTC 
SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2021-12-07 20:23:07 UTC 
SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.78.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Swamp Workflow Management 2021-12-08 14:20:42 UTC 
SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available.

Category: security (important)
Bug References: 1087082,1100416,1108488,1129735,1129898,1133374,1153720,1171420,1176724,1176931,1180624,1181854,1181855,1183050,1183861,1184673,1184804,1185377,1185677,1185726,1185727,1185758,1185973,1186063,1186482,1186483,1186672,1188026,1188172,1188563,1188601,1188613,1188838,1188842,1188876,1188983,1188985,1189057,1189262,1189278,1189291,1189399,1189400,1189418,1189420,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190118,1190159,1190276,1190349,1190350,1190351,1190432,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191318,1191529,1191530,1191628,1191660,1191790,1191801,1191813,1191961,1192036,1192045,1192048,1192267,1192379,1192400,1192444,1192549,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.83.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Marcus Meissner 2022-01-25 13:28:06 UTC 
released