Bugzilla – Bug 1188172
VUL-0: CVE-2021-3640: kernel-source: Use-After-Free vulnerability in function sco_sock_sendmsg()
Last modified: 2024-06-25 16:11:23 UTC
Do we have an affected list of kernels?
public via oss-sec

From: Lin Horse <kylin.formalin@gmail.com>
Subject: [oss-security] CVE-2021-3640: Linux kernel: UAF in sco_send_frame function

Hello there,

Just like the previous, tedious race condition vulnerability caused by the unexpected locking behavior (CVE-2021-3573), a similar one is found this time.

=*=*=*=*=*=*=*=*= BUG DETAILS =*=*=*=*=*=*=*=*=

We can find another place that uses bh_lock_sock() in the Linux Bluetooth stacks.

    static void sco_conn_del(struct hci_conn *hcon, int err)
    {
        ...
        if (sk) {
            sock_hold(sk);
            bh_lock_sock(sk); // {1} LOCK
            sco_sock_clear_timer(sk);
            sco_chan_del(sk, err);
            bh_unlock_sock(sk); // {2} UNLOCK
            sco_sock_kill(sk);
            sock_put(sk);
        }
        ...
        hcon->sco_data = NULL;
        kfree(conn);
    }

Between these lock pairs, sco_chan_del() is called, which will delete the channel associated with this sk. At the end of this function, the conn will be released by kfree().

Similar to the CVE-2021-3573, there is another thread that can be controlled by the attacker. It will wait for the kfree() and thereafter, race to cause UAF. For example, the sco_sock_sendmsg() function.

    static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
    {
        ...
        lock_sock(sk);
        if (sk->sk_state == BT_CONNECTED)
            err = sco_send_frame(sk, msg, len);
        else
            err = -ENOTCONN;
        release_sock(sk);
        return err;
    }

    static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
    {
        ...
        skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
        if (!skb)
            return err;
        if (memcpy_from_msg(skb_put(skb, len), msg, len)) { // {3}
            kfree_skb(skb);
            return -EFAULT;
        }
        hci_send_sco(conn->hcon, skb);
        ...
    }

As you can see, the attacker can adopt userfaultfd technique to stop the thread at {3} point. Because the sco_send_frame() is protected by the lock_sock() and release_sock(), which will not block the sco_conn_del() to release the conn.

One vulnerable race window is shown below:

    sco_sock_sendmsg thread          |  sco_conn_del thread
                                     |
    lock_sock(sk);                   |
                                     |
    ...                              |  bh_lock_sock(sk);
                                     |  ...
                                     |  bh_unlock_sock(sk);
                                     |  ...
                                     |  kfree(conn);
    // UAF                           |
    hci_send_sco(conn->hcon, skb);   |

=*=*=*=*=*=*=*=*= BUG EFFECTS =*=*=*=*=*=*=*=*=

Similar to CVE-2021-3573, the attacker may stably cause the UAF and do further exploitation. As the sco_conn struct is pretty juicy (two previous data pointers inside)

    struct sco_conn {
        struct hci_conn *hcon;
        spinlock_t lock;
        struct sock *sk;
        unsigned int mtu;
    };

The attacker can easily spray these kmalloc-32 objects with the malicious payload, with CAP_NET_ADMIN privilege.

The provided POC code can cause the crash report below:

[ 62.856933] ==================================================================
[ 62.857336] BUG: KASAN: use-after-free in sco_sock_sendmsg+0x1d6/0x2c0
[ 62.858202] Read of size 8 at addr ffff888002478540 by task poc.sco.new/120
[ 62.858663]
[ 62.859014] CPU: 0 PID: 120 Comm: poc.sco.new Not tainted 5.13.0+ #1
[ 62.859405] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 62.859884] Call Trace:
[ 62.860168] dump_stack_lvl+0x73/0x9e
[ 62.860525] print_address_description+0x82/0x3a0
[ 62.860879] __kasan_report+0x154/0x240
[ 62.861115] ? lock_sock_nested+0x100/0x140
[ 62.861446] ? sco_sock_sendmsg+0x1d6/0x2c0
[ 62.861811] kasan_report+0x45/0x60
[ 62.862133] sco_sock_sendmsg+0x1d6/0x2c0
[ 62.862461] ? sco_sock_getsockopt+0x410/0x410
[ 62.862748] ? inet_send_prepare+0x190/0x190
[ 62.863000] sock_write_iter+0x21b/0x230
[ 62.863232] vfs_write+0x53a/0x5c0
[ 62.863479] ksys_write+0x8b/0x100
[ 62.863723] ? __fpregs_load_activate+0xc2/0x150
[ 62.864017] do_syscall_64+0x43/0x90
[ 62.864287] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.864615] RIP: 0033:0x7f9b6c8d4abf
[ 62.865073] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2d 44 89 c7 48 89 44 24 08 e8 9c fd ff ff 48
[ 62.865843] RSP: 002b:00007ffd6b0133a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 62.866304] RAX: ffffffffffffffda RBX: 000055be494024e0 RCX: 00007f9b6c8d4abf
[ 62.866660] RDX: 0000000000000010 RSI: 00007f9b6c90e000 RDI: 0000000000000005
[ 62.866992] RBP: 00007ffd6b013480 R08: 0000000000000000 R09: 00007f9b6c703700
[ 62.867293] R10: 00007f9b6c7039d0 R11: 0000000000000293 R12: 000055be49400d10
[ 62.867576] R13: 00007ffd6b013570 R14: 0000000000000000 R15: 0000000000000000
[ 62.868106]
[ 62.868302] Allocated by task 120:
[ 62.868586] ____kasan_kmalloc+0xb5/0xe0
[ 62.868999] kmem_cache_alloc_trace+0x12d/0x210
[ 62.869349] sco_sock_connect+0x1f7/0x4a0
[ 62.869647] __sys_connect+0x16f/0x1a0
[ 62.869944] __x64_sys_connect+0x38/0x40
[ 62.870243] do_syscall_64+0x43/0x90
[ 62.870556] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.870883]
[ 62.871020] Freed by task 125:
[ 62.871192] kasan_set_track+0x3d/0x70
[ 62.871432] kasan_set_free_info+0x1f/0x40
[ 62.871708] ____kasan_slab_free+0x111/0x150
[ 62.871956] kfree+0xf3/0x2d0
[ 62.872208] hci_conn_hash_flush+0xbf/0x120
[ 62.872529] hci_dev_do_close+0x51a/0x870
[ 62.872789] hci_unregister_dev+0x23a/0xb70
[ 62.873054] vhci_release+0x3f/0x70
[ 62.873334] __fput+0x197/0x360
[ 62.873598] task_work_run+0xc0/0xe0
[ 62.873919] exit_to_user_mode_prepare+0xf0/0x130
[ 62.874253] syscall_exit_to_user_mode+0x20/0x40
[ 62.874511] do_syscall_64+0x52/0x90
[ 62.874768] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.875160]
[ 62.875352] The buggy address belongs to the object at ffff888002478540
[ 62.875352] which belongs to the cache kmalloc-32 of size 32
[ 62.875900] The buggy address is located 0 bytes inside of
[ 62.875900] 32-byte region [ffff888002478540, ffff888002478560)
[ 62.876472] The buggy address belongs to the page:
[ 62.876885] page:00000000db13206d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2478
[ 62.877481] flags: 0x100000000000200(slab|node=0|zone=1)
[ 62.878361] raw: 0100000000000200 ffffea0000078d00 0000000e0000000e ffff888001041500
[ 62.878901] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 62.879313] page dumped because: kasan: bad access detected
[ 62.879588]
[ 62.879704] Memory state around the buggy address:
[ 62.880003] ffff888002478400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 62.880286] ffff888002478480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 62.880532] >ffff888002478500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 62.880785] ^
[ 62.881199] ffff888002478580: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[ 62.881457] ffff888002478600: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 62.881716] ==================================================================
[ 62.881991] Disabling lock debugging due to kernel taint
[ 62.883072] BUG: unable to handle page fault for address: fffffbfff22fa79f
[ 62.883427] #PF: supervisor read access in kernel mode
[ 62.883774] #PF: error_code(0x0000) - not-present page
[ 62.884165] PGD 36fd0067 P4D 36fd0067 PUD 36df4067 PMD 0
[ 62.884827] Oops: 0000 [#1] SMP KASAN NOPTI
[ 62.885132] CPU: 0 PID: 120 Comm: poc.sco.new Tainted: G B 5.13.0+ #1
[ 62.885528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 62.885901] RIP: 0010:__asan_store8+0x6c/0xb0
[ 62.886184] Code: be 00 00 00 00 00 fc ff df 0f be 14 32 85 d2 74 07 83 e0 07 39 d0 7d 29 c3 48 89 fe 48 c1 ee 03 48 ba 00 00 00 00 00 fc ff df <80> 3c 16 00 75 11 48 89 c6 48 c1 ee 03 0f be 14 16 85 d2 75 d2 eb
[ 62.886853] RSP: 0018:ffff8880030ffbf8 EFLAGS: 00000006
[ 62.887244] RAX: ffffffff917d3d02 RBX: 0000000000040000 RCX: ffffffffba337d86
[ 62.887524] RDX: dffffc0000000000 RSI: 1ffffffff22fa79f RDI: ffffffff917d3cfb
[ 62.887855] RBP: 0000000000000030 R08: dffffc0000000000 R09: 0000000000000007
[ 62.888162] R10: ffffed100035159c R11: 00000000000000fb R12: ffffffff917a1b4b
[ 62.888476] R13: fffffffffffffff8 R14: ffff888001a8acdc R15: ffff888036432188
[ 62.888838] FS: 00007f9b6c704740(0000) GS:ffff888036400000(0000) knlGS:0000000000000000
[ 62.889331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.889908] CR2: fffffbfff22fa79f CR3: 00000000011c0000 CR4: 00000000003006f0
[ 62.890341] Call Trace:
[ 62.890617] queued_spin_lock_slowpath+0x286/0x410
[ 62.890915] _raw_spin_lock_irqsave+0x9f/0xb0
[ 62.891201] skb_queue_tail+0x1c/0x90
[ 62.891548] hci_send_sco+0xd6/0x110
[ 62.891871] sco_sock_sendmsg+0x1e1/0x2c0
[ 62.892170] ? sco_sock_getsockopt+0x410/0x410
[ 62.892511] ? inet_send_prepare+0x190/0x190
[ 62.892796] sock_write_iter+0x21b/0x230
[ 62.893156] vfs_write+0x53a/0x5c0
[ 62.893533] ksys_write+0x8b/0x100
[ 62.893870] ? __fpregs_load_activate+0xc2/0x150
[ 62.894258] do_syscall_64+0x43/0x90
[ 62.894523] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.894929] RIP: 0033:0x7f9b6c8d4abf
[ 62.895178] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2d 44 89 c7 48 89 44 24 08 e8 9c fd ff ff 48
[ 62.895930] RSP: 002b:00007ffd6b0133a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 62.896396] RAX: ffffffffffffffda RBX: 000055be494024e0 RCX: 00007f9b6c8d4abf
[ 62.896749] RDX: 0000000000000010 RSI: 00007f9b6c90e000 RDI: 0000000000000005
[ 62.897081] RBP: 00007ffd6b013480 R08: 0000000000000000 R09: 00007f9b6c703700
[ 62.897430] R10: 00007f9b6c7039d0 R11: 0000000000000293 R12: 000055be49400d10
[ 62.897814] R13: 00007ffd6b013570 R14: 0000000000000000 R15: 0000000000000000
[ 62.898239] Modules linked in:
[ 62.898623] CR2: fffffbfff22fa79f
[ 62.899350] ---[ end trace e705e323d4c8b589 ]---
[ 62.899645] RIP: 0010:__asan_store8+0x6c/0xb0
[ 62.899918] Code: be 00 00 00 00 00 fc ff df 0f be 14 32 85 d2 74 07 83 e0 07 39 d0 7d 29 c3 48 89 fe 48 c1 ee 03 48 ba 00 00 00 00 00 fc ff df <80> 3c 16 00 75 11 48 89 c6 48 c1 ee 03 0f be 14 16 85 d2 75 d2 eb
[ 62.900625] RSP: 0018:ffff8880030ffbf8 EFLAGS: 00000006
[ 62.900997] RAX: ffffffff917d3d02 RBX: 0000000000040000 RCX: ffffffffba337d86
[ 62.901276] RDX: dffffc0000000000 RSI: 1ffffffff22fa79f RDI: ffffffff917d3cfb
[ 62.901700] RBP: 0000000000000030 R08: dffffc0000000000 R09: 0000000000000007
[ 62.902083] R10: ffffed100035159c R11: 00000000000000fb R12: ffffffff917a1b4b
[ 62.902496] R13: fffffffffffffff8 R14: ffff888001a8acdc R15: ffff888036432188
[ 62.902820] FS: 00007f9b6c704740(0000) GS:ffff888036400000(0000) knlGS:0000000000000000
[ 62.903228] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.903566] CR2: fffffbfff22fa79f CR3: 00000000011c0000 CR4: 00000000003006f0

=*=*=*=*=*=*=*=*= BUG REPRODUCE =*=*=*=*=*=*=*=*=

As above introduced, this race condition is highly controllable with userfaultfd techniques. The attacker has to fake an SCO connection and then calls sco_sock_sendmsg() with the expected controllable faulting page. After that, the attacker just needs to detach the controller to call sco_conn_del(). The calling trace is:

hci_unregister_dev() -> hci_dev_do_close() -> hci_conn_hash_flush() -> hci_disconn_cfm() -> sco_disconn_cfm() -> sco_conn_del().

You can refer to the provided POC code for the details.

=*=*=*=*=*=*=*=*= Timeline =*=*=*=*=*=*=*=*=

2021-07-08: Bug reported to security@kernel.org and linux-distros@vs.openwall.org
2021-07-09: CVE-2021-3640 is assigned
2021-07-22: 14 days of the embargo is over

One sad thing is that the bluez team is currently focused on fixing up the CVE-2021-3573, which I failed to properly patch, and the patch for this new one is not yet fully discussed. I hope the patch will be settled down and merged to the mainline in the near future.

=*=*=*=*=*=*=*=*= Credit =*=*=*=*=*=*=*=*=

LinMa@BlockSec Team

Best Regards

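Added illustration, not part of the report above and not kernel code: a single-threaded user-space model that replays the race window from the report, once with a teardown path that uses bh_lock_sock() and once with one that uses lock_sock(). The model_* names are hypothetical, the "freed" flag stands in for kfree(), and the model assumes the sender read its conn pointer before stalling at {3}, as the later use of conn->hcon implies.

```c
/* User-space model of the socket lock, constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model_conn {            /* stands in for struct sco_conn */
    bool freed;                /* set instead of calling kfree(); keeps the model memory-safe */
};

struct model_sock {
    bool slock_held;           /* sk->sk_lock.slock, the spinlock */
    bool owned;                /* sk->sk_lock.owned, the flag lock_sock() sets */
    struct model_conn *conn;   /* sco_pi(sk)->conn */
};

enum teardown_lock { TEARDOWN_BH_LOCK_SOCK, TEARDOWN_LOCK_SOCK };
enum outcome { STALE_CONN_USED, TEARDOWN_WAITED };

/* lock_sock(): succeeds only when nobody owns the socket, then marks it owned.
 * Returns false where the kernel would put the caller to sleep. */
static bool model_lock_sock(struct model_sock *sk)
{
    if (sk->slock_held || sk->owned)
        return false;
    sk->owned = true;
    return true;
}

static void model_release_sock(struct model_sock *sk) { sk->owned = false; }

/* bh_lock_sock(): takes the spinlock only and never looks at 'owned'. */
static bool model_bh_lock_sock(struct model_sock *sk)
{
    if (sk->slock_held)
        return false;
    sk->slock_held = true;
    return true;
}

static void model_bh_unlock_sock(struct model_sock *sk) { sk->slock_held = false; }

/* What sco_conn_del() does to the connection: detach the channel, free conn. */
static void model_conn_del(struct model_sock *sk, struct model_conn *conn)
{
    sk->conn = NULL;           /* sco_chan_del() */
    conn->freed = true;        /* kfree(conn) */
}

/* Replays the interleaving from the race diagram for one teardown locking style. */
enum outcome replay_race(enum teardown_lock how)
{
    struct model_conn conn = { .freed = false };
    struct model_sock sk = { .slock_held = false, .owned = false, .conn = &conn };

    /* Sender: sco_sock_sendmsg() takes lock_sock() and enters sco_send_frame(). */
    model_lock_sock(&sk);
    struct model_conn *sender_conn = sk.conn;   /* assumed: read before the stall */
    /* ... sender is stalled at {3} and still owns the socket ... */

    /* Teardown: sco_conn_del() runs while the sender is stalled. */
    bool torn_down = false;
    if (how == TEARDOWN_BH_LOCK_SOCK) {
        if (model_bh_lock_sock(&sk)) {          /* spinlock is free, so this succeeds */
            model_conn_del(&sk, &conn);
            model_bh_unlock_sock(&sk);
            torn_down = true;
        }
    } else if (model_lock_sock(&sk)) {          /* fails: the sender owns the socket */
        model_conn_del(&sk, &conn);
        model_release_sock(&sk);
        torn_down = true;
    }

    /* Sender resumes: hci_send_sco(conn->hcon, skb) dereferences its saved pointer. */
    bool stale = sender_conn->freed;
    model_release_sock(&sk);

    /* A teardown that had to wait runs only now, after release_sock(). */
    if (!torn_down && model_lock_sock(&sk)) {
        model_conn_del(&sk, &conn);
        model_release_sock(&sk);
    }
    return stale ? STALE_CONN_USED : TEARDOWN_WAITED;
}

int main(void)
{
    printf("bh_lock_sock teardown: %s\n",
           replay_race(TEARDOWN_BH_LOCK_SOCK) == STALE_CONN_USED
               ? "sender used a freed conn" : "teardown waited");
    printf("lock_sock teardown:    %s\n",
           replay_race(TEARDOWN_LOCK_SOCK) == STALE_CONN_USED
               ? "sender used a freed conn" : "teardown waited");
    return 0;
}
```

In the lock_sock() case the teardown makes no progress for as long as the sender stays stalled, so the use-after-free is gone but the teardown's latency is now set by the socket owner.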
This seems to be kind of blocked by the still ongoing discussion about the proper fix for the related CVE-2021-3573. The original fix introduced busy waiting for a sleeping lock (taking sleeping lock under a spin lock) which was not a good idea.

See https://lore.kernel.org/linux-bluetooth/20210627131134.5434-1-penguin-kernel@I-love.SAKURA.ne.jp/

I see a tentative fix for the sleeping problem in linux-next ("Bluetooth: call lock_sock() outside of spinlock section"). But it is Signed-off only by Tetsuo so that it has not yet been approved by an official maintainer.

(In reply to Petr Mladek from comment #7)
> This seems to be kind of blocked by the still ongoing discussion about the
> proper fix for the related CVE-2021-3573. The original fix introduced busy
> waiting for a sleeping lock (taking sleeping lock under a spin lock) which
> was not a good idea.
>
> See
> https://lore.kernel.org/linux-bluetooth/20210627131134.5434-1-penguin-kernel@I-love.SAKURA.ne.jp/
>
> I see a tentative fix for the sleeping problem in linux-next ("Bluetooth:
> call lock_sock() outside of spinlock section"). But it is Signed-off only by
> Tetsuo so that it has not yet been approved by an official maintainer.

Right, let's wait for the upstream resolution.

It seems that at least three patches are relevant for addressing this bug.

Already in Linus tree:
e04480920d1eec9c061841399aa6f35b6f987d8b Bluetooth: defer cleanup of resources in hci_unregister_dev()

Two recent fixes in bluetooth tree:
734bc5ff783115aa3164f4e9dd5967ae78e0a8ab Bluetooth: avoid circular locks in sco_sock_connect
27c24fda62b601d6f9ca5e992502578c4310876f Bluetooth: switch to lock_sock in SCO

After applying those, the NULL dereference and the lockdep error are gone. However, syzkaller still catches below:

[ 23.226767][ T7] Bluetooth: hci0: command 0x0419 tx timeout
[ 284.985881][ T1529] INFO: task poc:7603 blocked for more than 143 seconds.
[ 284.989134][ T1529] Not tainted 5.13.0-rc4+ #48
[ 284.990098][ T1529] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 284.991705][ T1529] task:poc state:D stack:13784 pid: 7603 ppid: 7593 flags:0x00000000
[ 284.993414][ T1529] Call Trace:
[ 284.994025][ T1529] __schedule+0x32e/0xb90
[ 284.994842][ T1529] ? __local_bh_enable_ip+0x72/0xe0
[ 284.995987][ T1529] schedule+0x38/0xe0
[ 284.996723][ T1529] __lock_sock+0xa1/0x130
[ 284.997434][ T1529] ? finish_wait+0x80/0x80
[ 284.998150][ T1529] lock_sock_nested+0x9f/0xb0
[ 284.998914][ T1529] sco_conn_del+0xb1/0x1a0
[ 284.999619][ T1529] ? sco_conn_del+0x1a0/0x1a0
[ 285.000361][ T1529] sco_disconn_cfm+0x3a/0x60
[ 285.001116][ T1529] hci_conn_hash_flush+0x95/0x130
[ 285.001921][ T1529] hci_dev_do_close+0x298/0x680
[ 285.002687][ T1529] ? up_write+0x12/0x130
[ 285.003367][ T1529] ? vhci_close_dev+0x20/0x20
[ 285.004107][ T1529] hci_unregister_dev+0x9f/0x240
[ 285.004886][ T1529] vhci_release+0x35/0x70
[ 285.005602][ T1529] __fput+0xdf/0x360
[ 285.006225][ T1529] task_work_run+0x86/0xd0
[ 285.006927][ T1529] exit_to_user_mode_prepare+0x267/0x270
[ 285.007824][ T1529] syscall_exit_to_user_mode+0x19/0x60
[ 285.008694][ T1529] do_syscall_64+0x42/0xa0
[ 285.009393][ T1529] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 285.010321][ T1529] RIP: 0033:0x4065c7

It's because the code path is blocked at the schedule() call in lock_sock() while it's blocked unlimitedly by another thread with userfaultfd handling. For addressing this, we might need to go out of schedule() with a timeout, e.g. the below one-liner already fixes it:

--- a/net/core/sock.c +++ b/net/core/sock.c @@ -2531,7 +2531,7 @@ void __lock_sock(struct sock *sk) prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait, TASK_UNINTERRUPTIBLE); spin_unlock_bh(&sk->sk_lock.slock); - schedule(); + schedule_timeout(msecs_to_jiffies(10 * 1000)); spin_lock_bh(&sk->sk_lock.slock); if (!sock_owned_by_user(sk)) break;

Anyway, now I backported the three patches above to SLE15-SP2, cve/linux-4.12 and cve/linux-4.4 branches. I believe we can leave the rest older branches: the userfaultfd technique isn't available on those old kernels, and the BT must be very rarely used (if any), while the patch adaption would need quite many intrusive changes. So it won't be worth backporting with a risk of breakage.

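Review bot: The schedule_timeout(msecs_to_jiffies(10 * 1000)) line in __lock_sock() does not bound the wait, because the only exit shown in the hunk is still the !sock_owned_by_user(sk) check; a waiter whose owner is still stalled wakes after 10 seconds, fails that check and goes back to waiting, so the change quiets the hung-task report rather than letting sco_conn_del() make progress. It also sits in net/core/sock.c, so every socket family that reaches __lock_sock() gets the periodic wakeup, not only SCO. If the intent is only to avoid the warning, say so in the commit message and replace the bare 10 * 1000 with a named constant and a comment; if the intent is to unblock the teardown, the fix belongs in the Bluetooth path that holds the lock across the user copy.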
I submitted a proper fix to the upstream, and now it's accepted in bluetooth-next tree, commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951. Will backport to the relevant branches.
The fix was backported to stable, SLE15-SP4, SLE15-SP2, cve/linux-4.12, cve/linux-4.0 and cve/linux-3.0 branches. The older branches are not really affected by this bug. (Actually 3.0 is also not affected by userfaultfd, but the fix is still valid, so I applied it.) Reassigned back to security team.
This is an autogenerated message for OBS integration: This bug (1188172) was mentioned in https://build.opensuse.org/request/show/917444 15.2 / kernel-source
Nicolai suggested that the commit ba316be1b6a0 may be missing before the commit 27c24fda62b6. I backported and refreshed accordingly on relevant branches (master/stable, SLE15-SP4, SLE15-SP2, cve/linux-4.12, cve/linux-4.4).
This is an autogenerated message for OBS integration: This bug (1188172) was mentioned in https://build.opensuse.org/request/show/918786 15.2 / kernel-source
openSUSE-SU-2021:1271-1: An update that solves 15 vulnerabilities and has 92 fixes is now available.
Category: security (important)
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
Sources used:
openSUSE Leap 15.2 (src): kernel-debug-5.3.18-lp152.92.2, kernel-default-5.3.18-lp152.92.2, kernel-default-base-5.3.18-lp152.92.2.lp152.8.42.3, kernel-docs-5.3.18-lp152.92.1, kernel-kvmsmall-5.3.18-lp152.92.2, kernel-obs-build-5.3.18-lp152.92.2, kernel-obs-qa-5.3.18-lp152.92.1, kernel-preempt-5.3.18-lp152.92.2, kernel-source-5.3.18-lp152.92.2, kernel-syms-5.3.18-lp152.92.1

SUSE-SU-2021:3177-1: An update that solves 16 vulnerabilities and has 98 fixes is now available.
Category: security (important)
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
Sources used:
SUSE MicroOS 5.0 (src): kernel-rt-5.3.18-51.2
SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-51.2, kernel-rt_debug-5.3.18-51.2, kernel-source-rt-5.3.18-51.1, kernel-syms-rt-5.3.18-51.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:3178-1: An update that solves 16 vulnerabilities and has 94 fixes is now available.
Category: security (important)
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): kernel-azure-5.3.18-18.66.2, kernel-source-azure-5.3.18-18.66.1, kernel-syms-azure-5.3.18-18.66.1

openSUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
Sources used:
openSUSE Leap 15.3 (src): kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1

SUSE-SU-2021:3179-1: An update that solves 20 vulnerabilities and has 107 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-38.22.2, kernel-source-azure-5.3.18-38.22.1, kernel-syms-azure-5.3.18-38.22.1

SUSE-SU-2021:3192-1: An update that solves 13 vulnerabilities and has 39 fixes is now available.
Category: security (important)
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): kernel-azure-4.12.14-16.73.2, kernel-source-azure-4.12.14-16.73.1, kernel-syms-azure-4.12.14-16.73.1

SUSE-SU-2021:3206-1: An update that solves 16 vulnerabilities and has 40 fixes is now available.
Category: security (important)
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): kernel-default-4.12.14-122.88.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): kernel-docs-4.12.14-122.88.1, kernel-obs-build-4.12.14-122.88.2
SUSE Linux Enterprise Server 12-SP5 (src): kernel-default-4.12.14-122.88.1, kernel-source-4.12.14-122.88.1, kernel-syms-4.12.14-122.88.1
SUSE Linux Enterprise Live Patching 12-SP5 (src): kernel-default-4.12.14-122.88.1, kgraft-patch-SLE12-SP5_Update_23-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src): kernel-default-4.12.14-122.88.1

SUSE-SU-2021:3217-1: An update that solves 16 vulnerabilities and has 40 fixes is now available.
Category: security (important)
CVE References: CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src): kernel-rt-4.12.14-10.57.2, kernel-rt_debug-4.12.14-10.57.2, kernel-source-rt-4.12.14-10.57.1, kernel-syms-rt-4.12.14-10.57.1

SUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-59.24.1, kernel-livepatch-SLE15-SP3_Update_6-1-7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-59.24.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1
SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-59.24.1

openSUSE-SU-2021:3205-1: An update that solves 20 vulnerabilities and has 106 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-59.24.1, kernel-64kb-5.3.18-59.24.1, kernel-debug-5.3.18-59.24.1, kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1, kernel-docs-5.3.18-59.24.1, kernel-kvmsmall-5.3.18-59.24.1, kernel-obs-build-5.3.18-59.24.1, kernel-obs-qa-5.3.18-59.24.1, kernel-preempt-5.3.18-59.24.1, kernel-source-5.3.18-59.24.1, kernel-syms-5.3.18-59.24.1, kernel-zfcpdump-5.3.18-59.24.1

SUSE-SU-2021:3207-1: An update that solves 16 vulnerabilities and has 98 fixes is now available.
Category: security (important)
CVE References: CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38207
JIRA References:
Sources used:
SUSE MicroOS 5.0 (src): kernel-default-5.3.18-24.83.2, kernel-default-base-5.3.18-24.83.2.9.38.3
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): kernel-default-5.3.18-24.83.2, kernel-preempt-5.3.18-24.83.2
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.83.2, kernel-livepatch-SLE15-SP2_Update_19-1-5.3.4
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): kernel-default-5.3.18-24.83.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): kernel-docs-5.3.18-24.83.2, kernel-obs-build-5.3.18-24.83.2, kernel-preempt-5.3.18-24.83.2, kernel-source-5.3.18-24.83.1, kernel-syms-5.3.18-24.83.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): kernel-default-5.3.18-24.83.2, kernel-default-base-5.3.18-24.83.2.9.38.3, kernel-preempt-5.3.18-24.83.2, kernel-source-5.3.18-24.83.1
SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.83.2

SUSE-SU-2021:3205-2: An update that solves 20 vulnerabilities and has 106 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209
JIRA References:
Sources used:
SUSE MicroOS 5.1 (src): kernel-default-5.3.18-59.24.1, kernel-default-base-5.3.18-59.24.1.18.12.1

SUSE-SU-2021:3415-1: An update that solves 18 vulnerabilities and has 119 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2020-3702,CVE-2021-34556,CVE-2021-35477,CVE-2021-3653,CVE-2021-3656,CVE-2021-3669,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-3759,CVE-2021-3764,CVE-2021-38160,CVE-2021-38198,CVE-2021-40490
JIRA References:
Sources used:
SUSE MicroOS 5.1 (src): kernel-rt-5.3.18-57.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-57.1, kernel-rt_debug-5.3.18-57.1, kernel-source-rt-5.3.18-57.1, kernel-syms-rt-5.3.18-57.1

SUSE-SU-2021:14849-1: An update that solves 17 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1183089,1184673,1186109,1187050,1187215,1188172,1188563,1188601,1188876,1189057,1189262,1189399,1190117,1190351,1191315,1191660,1191958,1192036,1192267,904899,905100
CVE References: CVE-2014-7841,CVE-2020-36385,CVE-2021-20265,CVE-2021-33033,CVE-2021-3542,CVE-2021-3609,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3679,CVE-2021-37159,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-source-3.0.101-108.132.1, kernel-syms-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.132.1, kernel-default-3.0.101-108.132.1, kernel-ec2-3.0.101-108.132.1, kernel-pae-3.0.101-108.132.1, kernel-ppc64-3.0.101-108.132.1, kernel-trace-3.0.101-108.132.1, kernel-xen-3.0.101-108.132.1

openSUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.
Category: security (important)
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
openSUSE Leap 15.3 (src): kernel-debug-4.12.14-197.102.2, kernel-default-4.12.14-197.102.2, kernel-kvmsmall-4.12.14-197.102.2, kernel-vanilla-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2

SUSE-SU-2021:3876-1: An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available.
Category: security (important)
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2020-4788,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-33909,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References: SLE-22573
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2, kernel-zfcpdump-4.12.14-197.102.2
SUSE Linux Enterprise Server 15-SP1-BCL (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src): kernel-default-4.12.14-197.102.2, kernel-livepatch-SLE15-SP1_Update_27-1-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE Linux Enterprise High Availability 15-SP1 (src): kernel-default-4.12.14-197.102.2
SUSE Enterprise Storage 6 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2
SUSE CaaS Platform 4.0 (src): kernel-default-4.12.14-197.102.2, kernel-docs-4.12.14-197.102.2, kernel-obs-build-4.12.14-197.102.1, kernel-source-4.12.14-197.102.2, kernel-syms-4.12.14-197.102.2

SUSE-SU-2021:3929-1: An update that solves 36 vulnerabilities and has 7 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.161.1, kernel-source-4.4.121-92.161.1, kernel-syms-4.4.121-92.161.1

SUSE-SU-2021:3935-1: An update that solves 38 vulnerabilities and has 18 fixes is now available.
Category: security (important)
CVE References: CVE-2017-17862,CVE-2017-17864,CVE-2018-13405,CVE-2018-16882,CVE-2020-0429,CVE-2020-12655,CVE-2020-14305,CVE-2020-3702,CVE-2020-4788,CVE-2021-20265,CVE-2021-20322,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-3896,CVE-2021-40490,CVE-2021-42008,CVE-2021-42739,CVE-2021-43389
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE OpenStack Cloud 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1
SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.180-94.150.1
HPE Helion Openstack 8 (src): kernel-default-4.4.180-94.150.1, kernel-source-4.4.180-94.150.1, kernel-syms-4.4.180-94.150.1, kgraft-patch-SLE12-SP3_Update_41-1-4.3.1

SUSE-SU-2021:3969-1: An update that solves 37 vulnerabilities and has 21 fixes is now available.
Category: security (important)
CVE References: CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise Server 15-LTSS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1, kernel-zfcpdump-4.12.14-150.78.1
SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-150.78.1, kernel-livepatch-SLE15_Update_26-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): kernel-default-4.12.14-150.78.1, kernel-docs-4.12.14-150.78.2, kernel-obs-build-4.12.14-150.78.2, kernel-source-4.12.14-150.78.1, kernel-syms-4.12.14-150.78.1, kernel-vanilla-4.12.14-150.78.1
SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-150.78.1

SUSE-SU-2021:3972-1: An update that solves 40 vulnerabilities and has 47 fixes is now available.
Category: security (important)
CVE References: CVE-2018-13405,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-0429,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-34556,CVE-2021-34981,CVE-2021-3542,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-3715,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3759,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE OpenStack Cloud 9 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src): kernel-default-4.12.14-95.83.2, kernel-source-4.12.14-95.83.2, kernel-syms-4.12.14-95.83.2
SUSE Linux Enterprise Live Patching 12-SP4 (src): kernel-default-4.12.14-95.83.2, kgraft-patch-SLE12-SP4_Update_23-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.83.2

released