1188062 – (CVE-2021-33909) VUL-0: CVE-2021-33909: kernel-source: size_t-to-int vulnerability in Linux's filesystem layer

Bug 1188062 (CVE-2021-33909) - VUL-0: CVE-2021-33909: kernel-source: size_t-to-int vulnerability in Linux's filesystem layer

Summary: VUL-0: CVE-2021-33909: kernel-source: size_t-to-int vulnerability in Linux's ...

Status:	RESOLVED FIXED

Alias:	CVE-2021-33909

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/303538/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-33909:7.8:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-07-07 06:29 UTC by Robert Frohl
Modified:	2024-06-25 16:10 UTC (History)
CC List:	12 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 37 Marcus Meissner 2021-07-20 12:05:13 UTC

was pushed upstream.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Comment 38 Swamp Workflow Management 2021-07-20 16:20:45 UTC

SUSE-SU-2021:2408-1: An update that solves 5 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.58.1, kernel-source-azure-5.3.18-18.58.1, kernel-syms-azure-5.3.18-18.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 39 Swamp Workflow Management 2021-07-20 16:23:19 UTC

openSUSE-SU-2021:2409-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1152489,1182470,1185486,1187927,1187972,1187980,1188062,1188116
CVE References: CVE-2021-22555,CVE-2021-33909
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.14.1, kernel-source-azure-5.3.18-38.14.1, kernel-syms-azure-5.3.18-38.14.1

Comment 40 Swamp Workflow Management 2021-07-20 16:33:30 UTC

SUSE-SU-2021:2409-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1152489,1182470,1185486,1187927,1187972,1187980,1188062,1188116
CVE References: CVE-2021-22555,CVE-2021-33909
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.14.1, kernel-source-azure-5.3.18-38.14.1, kernel-syms-azure-5.3.18-38.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 41 Swamp Workflow Management 2021-07-20 16:38:54 UTC

SUSE-SU-2021:2406-1: An update that solves 20 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1179610,1180846,1184611,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186390,1186463,1187038,1187050,1187215,1187452,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.158.1, kernel-source-4.4.121-92.158.1, kernel-syms-4.4.121-92.158.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Swamp Workflow Management 2021-07-20 16:42:14 UTC

SUSE-SU-2021:2407-1: An update that solves 5 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1153720,1170511,1183871,1184114,1185032,1185308,1185791,1185995,1187050,1187215,1187585,1187934,1188010,1188062,1188116,1188273,1188274
CVE References: CVE-2020-36385,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.65.1, kernel-source-azure-4.12.14-16.65.1, kernel-syms-azure-4.12.14-16.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 43 Swamp Workflow Management 2021-07-20 19:19:47 UTC

SUSE-SU-2021:2416-1: An update that solves 5 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1153720,1170511,1183871,1184114,1185032,1185308,1185791,1185995,1187050,1187215,1187585,1187934,1188062,1188116,1188273,1188274
CVE References: CVE-2020-36385,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.80.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.80.1, kernel-obs-build-4.12.14-122.80.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.80.1, kernel-source-4.12.14-122.80.1, kernel-syms-4.12.14-122.80.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.80.1, kgraft-patch-SLE12-SP5_Update_21-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Swamp Workflow Management 2021-07-20 19:21:11 UTC

openSUSE-SU-2021:2415-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1188062,1188116
CVE References: CVE-2021-22555,CVE-2021-33909
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-64kb-5.3.18-59.16.1, kernel-debug-5.3.18-59.16.1, kernel-default-5.3.18-59.16.1, kernel-default-base-5.3.18-59.16.1.18.8.1, kernel-docs-5.3.18-59.16.1, kernel-kvmsmall-5.3.18-59.16.1, kernel-obs-build-5.3.18-59.16.1, kernel-obs-qa-5.3.18-59.16.1, kernel-preempt-5.3.18-59.16.1, kernel-source-5.3.18-59.16.1, kernel-syms-5.3.18-59.16.1, kernel-zfcpdump-5.3.18-59.16.1

Comment 45 Swamp Workflow Management 2021-07-20 19:22:37 UTC

SUSE-SU-2021:2415-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1188062,1188116
CVE References: CVE-2021-22555,CVE-2021-33909
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.16.1, kernel-preempt-5.3.18-59.16.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.16.1, kernel-livepatch-SLE15-SP3_Update_4-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.16.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.16.1, kernel-obs-build-5.3.18-59.16.1, kernel-preempt-5.3.18-59.16.1, kernel-source-5.3.18-59.16.1, kernel-syms-5.3.18-59.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.16.1, kernel-default-5.3.18-59.16.1, kernel-default-base-5.3.18-59.16.1.18.8.1, kernel-preempt-5.3.18-59.16.1, kernel-source-5.3.18-59.16.1, kernel-zfcpdump-5.3.18-59.16.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 OBSbugzilla Bot 2021-07-21 11:11:44 UTC

This is an autogenerated message for OBS integration:
This bug (1188062) was mentioned in
https://build.opensuse.org/request/show/907471 15.2 / kernel-source

Comment 48 Swamp Workflow Management 2021-07-21 13:24:57 UTC

SUSE-SU-2021:2421-1: An update that solves 24 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1, kernel-zfcpdump-4.12.14-150.75.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.75.1, kernel-livepatch-SLE15_Update_25-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.75.1, kernel-docs-4.12.14-150.75.1, kernel-obs-build-4.12.14-150.75.1, kernel-source-4.12.14-150.75.1, kernel-syms-4.12.14-150.75.1, kernel-vanilla-4.12.14-150.75.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Swamp Workflow Management 2021-07-21 13:31:46 UTC

openSUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.99.1, kernel-default-4.12.14-197.99.1, kernel-kvmsmall-4.12.14-197.99.1, kernel-vanilla-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1

Comment 50 Swamp Workflow Management 2021-07-21 13:55:00 UTC

SUSE-SU-2021:2427-1: An update that solves 13 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1153720,1174978,1179610,1181193,1185428,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1, kernel-zfcpdump-4.12.14-197.99.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.99.1, kernel-livepatch-SLE15-SP1_Update_26-1-3.3.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.99.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.99.1, kernel-docs-4.12.14-197.99.1, kernel-obs-build-4.12.14-197.99.1, kernel-source-4.12.14-197.99.1, kernel-syms-4.12.14-197.99.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Swamp Workflow Management 2021-07-21 13:59:21 UTC

SUSE-SU-2021:2422-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1104967,1174978,1179610,1185701,1185861,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1187934,1188062,1188116
CVE References: CVE-2020-24588,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.80.1, kernel-source-4.12.14-95.80.1, kernel-syms-4.12.14-95.80.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.80.1, kgraft-patch-SLE12-SP4_Update_22-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Swamp Workflow Management 2021-07-21 16:26:23 UTC

SUSE-SU-2021:2438-1: An update that solves 5 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-livepatch-SLE15-SP2_Update_17-1-5.3.3
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.75.3
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.75.2, kernel-obs-build-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2, kernel-syms-5.3.18-24.75.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.75.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Jiri Slaby 2021-07-22 07:11:43 UTC

FWIW in stable thanks to 5.13.4. sr#907434

Comment 54 Swamp Workflow Management 2021-07-22 10:22:51 UTC

openSUSE-SU-2021:1076-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1176940,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188445
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.84.1, kernel-default-5.3.18-lp152.84.1, kernel-default-base-5.3.18-lp152.84.1.lp152.8.38.1, kernel-docs-5.3.18-lp152.84.1, kernel-kvmsmall-5.3.18-lp152.84.1, kernel-obs-build-5.3.18-lp152.84.1, kernel-obs-qa-5.3.18-lp152.84.1, kernel-preempt-5.3.18-lp152.84.1, kernel-source-5.3.18-lp152.84.1, kernel-syms-5.3.18-lp152.84.1

Comment 55 Swamp Workflow Management 2021-07-22 16:23:13 UTC

SUSE-SU-2021:2451-1: An update that solves 20 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1115026,1175462,1179610,1184611,1185724,1185859,1185860,1185861,1185862,1185863,1185898,1185987,1186060,1186062,1186111,1186235,1186390,1186463,1187038,1187050,1187193,1187215,1187388,1187452,1187595,1187601,1187934,1188062,1188063,1188116
CVE References: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33909,CVE-2021-34693,CVE-2021-3609
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.147.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.147.1, kernel-source-4.4.180-94.147.1, kernel-syms-4.4.180-94.147.1, kgraft-patch-SLE12-SP3_Update_40-1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 64 Swamp Workflow Management 2021-08-10 13:46:08 UTC

SUSE-SU-2021:2643-1: An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153720,1170511,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185032,1185308,1185377,1185791,1185995,1186206,1186482,1186672,1187038,1187050,1187215,1187476,1187585,1187846,1188026,1188062,1188101,1188116,1188273,1188274,1188405,1188620,1188750,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36385,CVE-2020-36386,CVE-2021-22543,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: SLE-10538
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.54.1, kernel-rt_debug-4.12.14-10.54.1, kernel-source-rt-4.12.14-10.54.1, kernel-syms-rt-4.12.14-10.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 65 Swamp Workflow Management 2021-08-12 16:21:36 UTC

SUSE-SU-2021:2678-1: An update that solves 5 vulnerabilities and has 36 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153274,1154353,1156395,1176940,1179243,1183871,1184114,1184350,1184631,1185377,1186194,1186482,1186483,1187476,1188062,1188063,1188101,1188257,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-33909,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-48.1
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-48.1, kernel-rt_debug-5.3.18-48.1, kernel-source-rt-5.3.18-48.1, kernel-syms-rt-5.3.18-48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 75 Swamp Workflow Management 2021-12-02 11:22:44 UTC

openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2

Comment 76 Swamp Workflow Management 2021-12-02 11:34:57 UTC

SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.

Category: security (important)
Bug References: 1100416,1108488,1129735,1129898,1133374,1136513,1171420,1176724,1177666,1181158,1184673,1184804,1185377,1185726,1185758,1185973,1186078,1186109,1186390,1186482,1186672,1188062,1188063,1188172,1188563,1188601,1188616,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190115,1190117,1190159,1190276,1190349,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191349,1191457,1191628,1191790,1191800,1191888,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 78 Robert Frohl 2022-01-10 16:27:30 UTC

done, closing