Bug 1201635 (CVE-2021-33655) - VUL-0: CVE-2021-33655: kernel-source,kernel-source-azure,kernel-source-rt: Out of bounds write with ioctl cmd FBIOPUT_VSCREENINFO
Summary: VUL-0: CVE-2021-33655: kernel-source,kernel-source-azure,kernel-source-rt: Ou...
Status: RESOLVED FIXED
Alias: CVE-2021-33655
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/337631/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-33655:7.8:(AV:...
Keywords:
Depends on:
Blocks: 1202087
  Show dependency treegraph
 
Reported: 2022-07-19 08:44 UTC by Cathy Hu
Modified: 2024-06-25 16:58 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Cathy Hu 2022-07-19 08:44:54 UTC 
CVE-2021-33655

When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel
will write memory out of bounds.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4
Comment 1 Cathy Hu 2022-07-19 08:47:03 UTC 
The linked fix contains the following commits:
[1] https://github.com/torvalds/linux/commit/6c11df58fd1ac0aefcb3b227f72769272b939e56
        -> this exists in SLE15-SP4 and stable
        Affected:
        - cve/linux-3.0
        - cve/linux-4.4
        - cve/linux-4.12
        - cve/linux-5.3
        - SLE15-SP3
        - SLE12-SP5
[2] https://github.com/torvalds/linux/commit/e64242caef18b4a5840b0e7a9bff37abd4f4f933
        -> this exists in SLE15-SP4 and stable, all the other branches are affected
        Affected: same as [1]
[3] https://github.com/torvalds/linux/commit/65a01e601dbba8b7a51a2677811f70f783766682
        -> this exists in SLE15-SP4 and stable, all the other branches are affected
        Affected: same as [1]
[4] https://github.com/torvalds/linux/commit/3663a2fb325b8782524f3edb0ae32d6faa615109
        -> exists in SLE15-SP4, stable
        Fixes this commit: https://github.com/torvalds/linux/commit/422b67e0b31a0ed132f8091b6f3d5465d9df9387
        Affected:
        - cve/linux-4.4
        - cve/linux-4.12
        - cve/linux-5.3
        - SLE12-SP5
        - SLE15-SP3
[5] https://github.com/torvalds/linux/commit/955f04766d4e6eb94bf3baa539e096808c74ebfb
        -> exists in SLE15-SP4, stable
        Fixes this commit: https://github.com/torvalds/linux/commit/3d8b1933eb1c3c94ef8667996dbff6994d5d552f
        Affected:
        - SLE15-SP3
        - cve/linux-5.3

Hope that is somehow helpful :)
Comment 2 Takashi Iwai 2022-07-19 11:47:51 UTC 
(In reply to Hu from comment #1)
> The linked fix contains the following commits:

Judging from the description, basically the necessary fix is only the commit 2.

The commit 1 and 3 are for other code paths, but maybe it's worth to backport altogether.

Those commits 4 and 5 are irrelevant from this bug.
Comment 3 Takashi Iwai 2022-07-19 12:49:11 UTC 
I backported the patches 1, 2 and 3 to cve/linux-5.3, cve/linux-4.12, cve/linux-4.4 and cve/linux-3.0 branches.
The patch references are updated on SLE15-SP4 branch.

cve/linux-4.12 and older kernels received the modified version of the patch 2 where fbcon_modechange_possible() is handled via fb notifier instead of the direct invocation, since fbcon and fbmem are in the separated layers in those older kernels.

Reassigned back to security team.
Comment 25 Swamp Workflow Management 2022-08-09 16:17:54 UTC 
SUSE-SU-2022:2721-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201742,1201752,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.181.1, kernel-source-4.4.121-92.181.1, kernel-syms-4.4.121-92.181.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-08-09 16:20:11 UTC 
SUSE-SU-2022:2720-1: An update that solves 7 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201742,1201752,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.106.1, kernel-source-azure-4.12.14-16.106.1, kernel-syms-azure-4.12.14-16.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-08-09 16:22:23 UTC 
SUSE-SU-2022:2723-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201050,1201429,1201635,1201636,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1, kernel-zfcpdump-4.12.14-150000.150.98.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.98.1, kernel-livepatch-SLE15_Update_32-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.98.1, kernel-docs-4.12.14-150000.150.98.2, kernel-obs-build-4.12.14-150000.150.98.1, kernel-source-4.12.14-150000.150.98.1, kernel-syms-4.12.14-150000.150.98.1, kernel-vanilla-4.12.14-150000.150.98.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-08-09 16:26:14 UTC 
SUSE-SU-2022:2719-1: An update that solves 7 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1103269,1114648,1190812,1195775,1195926,1198484,1198829,1200442,1200598,1200644,1200651,1200910,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201930,1201940,1201954,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.130.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.130.2, kernel-obs-build-4.12.14-122.130.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kernel-source-4.12.14-122.130.1, kernel-syms-4.12.14-122.130.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.130.1, kgraft-patch-SLE12-SP5_Update_34-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.130.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-08-09 16:29:24 UTC 
SUSE-SU-2022:2722-1: An update that solves 5 vulnerabilities, contains 9 features and has 31 fixes is now available.

Category: security (important)
Bug References: 1190256,1190497,1198410,1198829,1199086,1199291,1199364,1199665,1199670,1200015,1200465,1200494,1200644,1200651,1201258,1201323,1201381,1201391,1201427,1201458,1201471,1201524,1201592,1201593,1201595,1201596,1201635,1201651,1201675,1201691,1201705,1201725,1201846,1201930,1201954,1201958
CVE References: CVE-2021-33655,CVE-2022-1462,CVE-2022-21505,CVE-2022-29581,CVE-2022-32250
JIRA References: SLE-18130,SLE-20183,SLE-21132,SLE-24569,SLE-24570,SLE-24571,SLE-24578,SLE-24635,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.10.1, kernel-source-azure-5.14.21-150400.14.10.1, kernel-syms-azure-5.14.21-150400.14.10.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.10.1, kernel-source-azure-5.14.21-150400.14.10.1, kernel-syms-azure-5.14.21-150400.14.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2022-08-10 13:18:36 UTC 
SUSE-SU-2022:2741-1: An update that solves 16 vulnerabilities, contains one feature and has 15 fixes is now available.

Category: security (important)
Bug References: 1178134,1198829,1199364,1199647,1199665,1199670,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.75.1, kernel-source-azure-5.3.18-150300.38.75.1, kernel-syms-azure-5.3.18-150300.38.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2022-08-12 19:17:30 UTC 
SUSE-SU-2022:2803-1: An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes is now available.

Category: security (important)
Bug References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094
CVE References: CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581
JIRA References: SLE-21132,SLE-24569,SLE-24570,SLE-24571,SLE-24578,SLE-24635,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.18.1, kernel-64kb-5.14.21-150400.24.18.1, kernel-debug-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-docs-5.14.21-150400.24.18.1, kernel-kvmsmall-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-obs-qa-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1, kernel-livepatch-SLE15-SP4_Update_2-1-150400.9.5.2
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.18.1, kernel-obs-build-5.14.21-150400.24.18.1, kernel-source-5.14.21-150400.24.18.1, kernel-syms-5.14.21-150400.24.18.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.18.1, kernel-default-5.14.21-150400.24.18.1, kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4, kernel-source-5.14.21-150400.24.18.1, kernel-zfcpdump-5.14.21-150400.24.18.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2022-08-15 19:16:07 UTC 
SUSE-SU-2022:2808-1: An update that solves four vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1201050,1201635,1201636,1201926,1201930
CVE References: CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.105.1, kernel-source-4.12.14-95.105.1, kernel-syms-4.12.14-95.105.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.105.1, kernel-source-4.12.14-95.105.1, kernel-syms-4.12.14-95.105.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.105.1, kernel-source-4.12.14-95.105.1, kernel-syms-4.12.14-95.105.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.105.1, kernel-source-4.12.14-95.105.1, kernel-syms-4.12.14-95.105.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.105.1, kgraft-patch-SLE12-SP4_Update_29-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.105.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2022-08-15 22:19:44 UTC 
SUSE-SU-2022:2809-1: An update that solves 22 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1114648,1194013,1195478,1195775,1196472,1196901,1197362,1198829,1199487,1199489,1199647,1199648,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1200905,1200910,1201050,1201080,1201251,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201742,1201752,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2021-4157,CVE-2022-1116,CVE-2022-1462,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-livepatch-SLE15-SP2_Update_29-1-150200.5.5.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.126.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.126.1, kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2, kernel-docs-5.3.18-150200.24.126.1, kernel-obs-build-5.3.18-150200.24.126.1, kernel-preempt-5.3.18-150200.24.126.1, kernel-source-5.3.18-150200.24.126.1, kernel-syms-5.3.18-150200.24.126.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Swamp Workflow Management 2022-08-16 19:16:39 UTC 
SUSE-SU-2022:2827-1: An update that solves 7 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1195775,1195926,1198484,1198829,1200442,1200598,1200910,1201429,1201635,1201636,1201644,1201926,1201930,1201940
CVE References: CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-36946
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.120.1, kernel-default-4.12.14-150100.197.120.1, kernel-kvmsmall-4.12.14-150100.197.120.1, kernel-vanilla-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1, kernel-zfcpdump-4.12.14-150100.197.120.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-livepatch-SLE15-SP1_Update_33-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.120.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.120.1, kernel-docs-4.12.14-150100.197.120.2, kernel-obs-build-4.12.14-150100.197.120.1, kernel-source-4.12.14-150100.197.120.1, kernel-syms-4.12.14-150100.197.120.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2022-08-18 13:17:09 UTC 
SUSE-SU-2022:2840-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1173514,1196973,1198829,1200598,1200762,1200910,1201251,1201429,1201635,1201636,1201930,1201940
CVE References: CVE-2020-15393,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2021-39713,CVE-2022-1462,CVE-2022-20166,CVE-2022-2318,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.171.1, kernel-source-4.4.180-94.171.1, kernel-syms-4.4.180-94.171.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2022-08-23 16:21:51 UTC 
SUSE-SU-2022:2875-1: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.90.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.90.1, kernel-64kb-5.3.18-150300.59.90.1, kernel-debug-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-docs-5.3.18-150300.59.90.1, kernel-kvmsmall-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-obs-qa-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-livepatch-SLE15-SP3_Update_23-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.90.1, kernel-obs-build-5.3.18-150300.59.90.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-syms-5.3.18-150300.59.90.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.90.1, kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1, kernel-preempt-5.3.18-150300.59.90.1, kernel-source-5.3.18-150300.59.90.1, kernel-zfcpdump-5.3.18-150300.59.90.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2022-08-25 13:22:14 UTC 
SUSE-SU-2022:2892-1: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.99.1, kernel-rt_debug-5.3.18-150300.99.1, kernel-source-rt-5.3.18-150300.99.1, kernel-syms-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2022-08-26 13:18:14 UTC 
SUSE-SU-2022:2910-1: An update that solves 10 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 1065729,1103269,1114648,1190812,1195775,1195926,1196616,1196867,1198484,1198829,1199665,1199695,1200442,1200598,1200644,1200651,1200910,1201019,1201196,1201381,1201429,1201635,1201636,1201644,1201651,1201705,1201742,1201752,1201930,1201940,1201941,1201954,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1462,CVE-2022-20166,CVE-2022-2639,CVE-2022-29581,CVE-2022-36946
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.97.1, kernel-rt_debug-4.12.14-10.97.1, kernel-source-rt-4.12.14-10.97.1, kernel-syms-rt-4.12.14-10.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Swamp Workflow Management 2022-09-01 15:05:02 UTC 
SUSE-SU-2022:2892-2: An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1196867,1198829,1199364,1199647,1199648,1199665,1199670,1199695,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201742,1201752,1201846,1201930,1201940,1201941,1201954,1201956,1201958,1202087,1202154,1202312
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2022-09-01 15:23:56 UTC 
SUSE-SU-2022:2875-2: An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available.

Category: security (important)
Bug References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154
CVE References: CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
JIRA References: SLE-24559
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.90.1, kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Marcus Meissner 2022-12-12 11:47:28 UTC 
done
Comment 52 Swamp Workflow Management 2023-02-15 14:24:40 UTC 
SUSE-SU-2023:0416-1: An update that solves 62 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1055710,1084513,1131430,1133374,1154848,1166098,1173514,1177471,1191961,1196973,1197331,1197343,1197366,1197391,1198516,1198829,1199063,1199426,1199487,1199650,1199657,1200598,1200619,1200692,1200910,1201050,1201251,1201429,1201635,1201636,1201940,1201948,1202097,1202346,1202347,1202393,1202500,1202897,1202898,1202960,1203107,1203271,1203514,1203769,1203960,1203987,1204166,1204354,1204405,1204431,1204439,1204574,1204631,1204646,1204647,1204653,1204894,1204922,1205220,1205514,1205671,1205796,1206677
CVE References: CVE-2017-13695,CVE-2018-7755,CVE-2019-3837,CVE-2019-3900,CVE-2020-15393,CVE-2020-16119,CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2021-34981,CVE-2021-39713,CVE-2021-45868,CVE-2022-1011,CVE-2022-1048,CVE-2022-1353,CVE-2022-1462,CVE-2022-1652,CVE-2022-1679,CVE-2022-20132,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21385,CVE-2022-21499,CVE-2022-2318,CVE-2022-2663,CVE-2022-28356,CVE-2022-29900,CVE-2022-29901,CVE-2022-3028,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3524,CVE-2022-3565,CVE-2022-3566,CVE-2022-3586,CVE-2022-3621,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3903,CVE-2022-39188,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-41848,CVE-2022-41850,CVE-2022-41858,CVE-2022-43750,CVE-2022-44032,CVE-2022-44033,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE (src):    kernel-default-3.0.101-108.138.1, kernel-ec2-3.0.101-108.138.1, kernel-source-3.0.101-108.138.1, kernel-syms-3.0.101-108.138.1, kernel-trace-3.0.101-108.138.1, kernel-xen-3.0.101-108.138.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.