Bug 1197343 (CVE-2022-1011) - VUL-0: CVE-2022-1011: kernel-source-azure,kernel-source-rt,kernel-source: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
Summary: VUL-0: CVE-2022-1011: kernel-source-azure,kernel-source-rt,kernel-source: FUS...
Status: RESOLVED FIXED
Alias: CVE-2022-1011
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/326653/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-1011:7.0:(AV:L...
Keywords:
Depends on:
Blocks: 1197344
  Show dependency treegraph
 
Reported: 2022-03-21 12:19 UTC by Thomas Leroy
Modified: 2024-06-25 16:43 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2022-03-21 12:19:07 UTC 
rh#2064855

A flaw in the Linux Kernel found.
If unprivileged users can mount FUSE filesystems, then can trigger use after free (UAF) that reads of write() buffers, allowing theft of (partial) /etc/shadow hashes or any other data from filesystem.

FUSE allows the userspace filesystem to specify on FUSE_OPEN whether the
file should use the normal kernel pagecache for handling read()/write() or
just send FUSE_READ/FUSE_WRITE requests directly to the userspace filesystem
(using the flag FOPEN_DIRECT_IO in fuse_open_out::open_flags).

In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(),
which then imports the write buffer with fuse_get_user_pages(),
which uses iov_iter_get_pages() to grab references to userspace pages
instead of actually copying memory.

On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.

This is wrong because after fuse_dev_do_read() unlocks the FUSE
request, the userspace filesystem can mark the request as completed,
causing write() to return. At that point, the write buffer may be
reused for other purposes, and the userspace filesystem should no
longer have access to it.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2064855
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/
Comment 1 Thomas Leroy 2022-03-21 12:26:02 UTC 
The fixing commit [0] is only present on stable branch. However, the following branches contain the commit introducing the bug [1]:
- SLE12-SP5
- SLE15-SP3
- SLE15-SP4-GA
- cve/linux-3.0
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3

The branches mentioned above are therefore affected.

[0] https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next&id=0c4bcfdecb1ac0967619ee7ff44871d93c08c909
[1] https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next&id=c3021629a0d8
Comment 8 Swamp Workflow Management 2022-04-12 16:26:25 UTC 
SUSE-SU-2022:1163-1: An update that solves 25 vulnerabilities and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194589,1194625,1194649,1194943,1195051,1195353,1195640,1195926,1196018,1196130,1196196,1196478,1196488,1196761,1196823,1196956,1197227,1197243,1197245,1197300,1197302,1197331,1197343,1197366,1197389,1197460,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-39698,CVE-2021-45402,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-27223,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.53.1, kernel-source-azure-5.3.18-150300.38.53.1, kernel-syms-azure-5.3.18-150300.38.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Luis Henriques 2022-04-13 13:15:11 UTC 
Backported to all the relevant kernels.  Reassigning to security team.
Comment 10 Swamp Workflow Management 2022-04-13 19:22:34 UTC 
SUSE-SU-2022:1183-1: An update that solves 15 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1197914,1198027,1198028,1198029,1198030,1198031,1198032,1198033
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.63.1, kernel-64kb-5.3.18-150300.59.63.1, kernel-debug-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-docs-5.3.18-150300.59.63.1, kernel-kvmsmall-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-obs-qa-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-livepatch-SLE15-SP3_Update_17-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.63.1, kernel-obs-build-5.3.18-150300.59.63.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-syms-5.3.18-150300.59.63.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.63.1, kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1, kernel-preempt-5.3.18-150300.59.63.1, kernel-source-5.3.18-150300.59.63.1, kernel-zfcpdump-5.3.18-150300.59.63.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.63.1, kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-04-26 16:21:34 UTC 
SUSE-SU-2022:1407-1: An update that solves 15 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1065729,1156395,1175667,1177028,1178134,1179639,1180153,1189562,1194625,1194649,1195640,1195926,1196018,1196196,1196478,1196761,1196823,1197227,1197243,1197300,1197302,1197331,1197343,1197366,1197389,1197462,1197501,1197534,1197661,1197675,1197677,1197702,1197811,1197812,1197815,1197817,1197819,1197820,1197888,1197889,1197894,1198027,1198028,1198029,1198030,1198031,1198032,1198033,1198077
CVE References: CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1011,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1205,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.85.1, kernel-rt_debug-5.3.18-150300.85.1, kernel-source-rt-5.3.18-150300.85.1, kernel-syms-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.85.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-05-12 19:18:05 UTC 
SUSE-SU-2022:1651-1: An update that solves 13 vulnerabilities and has 20 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1196657,1196901,1197075,1197343,1197663,1197888,1197914,1198217,1198228,1198400,1198413,1198516,1198660,1198687,1198742,1198825,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-23960,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.97.1, kernel-source-azure-4.12.14-16.97.1, kernel-syms-azure-4.12.14-16.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2022-05-16 13:27:18 UTC 
SUSE-SU-2022:1668-1: An update that solves 13 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1195651,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.89.1, kernel-rt_debug-4.12.14-10.89.1, kernel-source-rt-4.12.14-10.89.1, kernel-syms-rt-4.12.14-10.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2022-05-16 16:28:25 UTC 
SUSE-SU-2022:1686-1: An update that solves 13 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.121.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.121.2, kernel-obs-build-4.12.14-122.121.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kernel-source-4.12.14-122.121.2, kernel-syms-4.12.14-122.121.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kgraft-patch-SLE12-SP5_Update_31-1-8.5.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.121.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Swamp Workflow Management 2022-06-14 22:18:21 UTC 
SUSE-SU-2022:2077-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1199012,1199063,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.175.2, kernel-source-4.4.121-92.175.2, kernel-syms-4.4.121-92.175.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2022-06-14 22:26:21 UTC 
SUSE-SU-2022:2082-1: An update that solves 29 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1051510,1055710,1065729,1084513,1087082,1126703,1158266,1173265,1182171,1183646,1183723,1187055,1191647,1195651,1196426,1197343,1198031,1198032,1198516,1198577,1198660,1198687,1198742,1198962,1198997,1199012,1199063,1199314,1199426,1199505,1199507,1199605,1199650,1199785,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-20784,CVE-2018-7755,CVE-2019-19377,CVE-2020-10769,CVE-2021-20292,CVE-2021-20321,CVE-2021-28688,CVE-2021-33061,CVE-2021-38208,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-28388,CVE-2022-28390,CVE-2022-30594
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.164.3
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.164.3, kernel-source-4.4.180-94.164.2, kernel-syms-4.4.180-94.164.2, kgraft-patch-SLE12-SP3_Update_45-1-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2022-06-15 01:17:58 UTC 
SUSE-SU-2022:2083-1: An update that solves 19 vulnerabilities, contains one feature and has 10 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1114648,1172456,1182171,1183723,1187055,1191647,1191958,1195651,1196426,1197099,1197219,1197343,1198400,1198516,1198660,1198687,1198742,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199605,1199650
CVE References: CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1734,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594
JIRA References: SLE-24124
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.99.3, kernel-source-4.12.14-95.99.2, kernel-syms-4.12.14-95.99.2
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.99.3, kernel-source-4.12.14-95.99.2, kernel-syms-4.12.14-95.99.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.99.3, kernel-source-4.12.14-95.99.2, kernel-syms-4.12.14-95.99.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.99.3, kernel-source-4.12.14-95.99.2, kernel-syms-4.12.14-95.99.2
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.99.3, kgraft-patch-SLE12-SP4_Update_27-1-6.3.3
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.99.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 50 Swamp Workflow Management 2022-06-16 19:18:18 UTC 
SUSE-SU-2022:2103-1: An update that solves 26 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1071995,1087082,1114648,1158266,1172456,1183723,1187055,1191647,1191958,1195651,1196367,1196426,1197219,1197343,1198400,1198516,1198577,1198687,1198742,1198776,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2019-19377,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-30594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2, kernel-zfcpdump-4.12.14-150000.150.92.2
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.92.2, kernel-livepatch-SLE15_Update_30-1-150000.1.3.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.92.2, kernel-docs-4.12.14-150000.150.92.2, kernel-obs-build-4.12.14-150000.150.92.2, kernel-source-4.12.14-150000.150.92.2, kernel-syms-4.12.14-150000.150.92.2, kernel-vanilla-4.12.14-150000.150.92.2
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.92.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 51 Swamp Workflow Management 2022-06-16 19:27:47 UTC 
SUSE-SU-2022:2104-1: An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249
CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594
JIRA References: SLE-18234
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-livepatch-SLE15-SP2_Update_27-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.115.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2022-06-17 13:19:54 UTC 
SUSE-SU-2022:2111-1: An update that solves 30 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249
CVE References: CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.114.2, kernel-default-4.12.14-150100.197.114.2, kernel-kvmsmall-4.12.14-150100.197.114.2, kernel-vanilla-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2, kernel-zfcpdump-4.12.14-150100.197.114.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-livepatch-SLE15-SP1_Update_31-1-150100.3.3.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.114.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.114.2, kernel-docs-4.12.14-150100.197.114.2, kernel-obs-build-4.12.14-150100.197.114.2, kernel-source-4.12.14-150100.197.114.2, kernel-syms-4.12.14-150100.197.114.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Marcus Meissner 2022-11-04 09:22:43 UTC 
released
Comment 60 Swamp Workflow Management 2023-02-15 14:23:21 UTC 
SUSE-SU-2023:0416-1: An update that solves 62 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1055710,1084513,1131430,1133374,1154848,1166098,1173514,1177471,1191961,1196973,1197331,1197343,1197366,1197391,1198516,1198829,1199063,1199426,1199487,1199650,1199657,1200598,1200619,1200692,1200910,1201050,1201251,1201429,1201635,1201636,1201940,1201948,1202097,1202346,1202347,1202393,1202500,1202897,1202898,1202960,1203107,1203271,1203514,1203769,1203960,1203987,1204166,1204354,1204405,1204431,1204439,1204574,1204631,1204646,1204647,1204653,1204894,1204922,1205220,1205514,1205671,1205796,1206677
CVE References: CVE-2017-13695,CVE-2018-7755,CVE-2019-3837,CVE-2019-3900,CVE-2020-15393,CVE-2020-16119,CVE-2020-36557,CVE-2020-36558,CVE-2021-26341,CVE-2021-33655,CVE-2021-33656,CVE-2021-34981,CVE-2021-39713,CVE-2021-45868,CVE-2022-1011,CVE-2022-1048,CVE-2022-1353,CVE-2022-1462,CVE-2022-1652,CVE-2022-1679,CVE-2022-20132,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21385,CVE-2022-21499,CVE-2022-2318,CVE-2022-2663,CVE-2022-28356,CVE-2022-29900,CVE-2022-29901,CVE-2022-3028,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3524,CVE-2022-3565,CVE-2022-3566,CVE-2022-3586,CVE-2022-3621,CVE-2022-3635,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3903,CVE-2022-39188,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-41848,CVE-2022-41850,CVE-2022-41858,CVE-2022-43750,CVE-2022-44032,CVE-2022-44033,CVE-2022-45934
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE (src):    kernel-default-3.0.101-108.138.1, kernel-ec2-3.0.101-108.138.1, kernel-source-3.0.101-108.138.1, kernel-syms-3.0.101-108.138.1, kernel-trace-3.0.101-108.138.1, kernel-xen-3.0.101-108.138.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.