Bug 1206073 (CVE-2022-3564) - VUL-0: CVE-2022-3564: kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
Summary: VUL-0: CVE-2022-3564: kernel: use-after-free caused by l2cap_reassemble_sdu()...
Status: RESOLVED FIXED
Alias: CVE-2022-3564
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/345418/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-3564:8.0:(AV:A...
Keywords:
Depends on:
Blocks: 1206314
  Show dependency treegraph
 
Reported: 2022-12-06 07:41 UTC by Stoyan Manolov
Modified: 2024-06-25 17:15 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stoyan Manolov 2022-12-06 07:41:43 UTC 
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.

Reference:
https://vuldb.com/?id.211087

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2150999
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3564
https://www.cve.org/CVERecord?id=CVE-2022-3564
https://vuldb.com/?id.211087
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1
Comment 1 Petr Mladek 2022-12-12 11:26:08 UTC 
Takashi, it seems to be in your area. And it seems to be another urgent bug.
Comment 2 Takashi Iwai 2022-12-27 14:30:08 UTC 
Too bad that it was assigned to me during my vacation, and left untouched over weeks...

The upstream fix commit is 3aff8aaca4e36dc8b17eaa011684881a80238966
  Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
included in 6.1-rc4.

SLE15-SP3 and SLE15-SP4 already contain the fix.
Comment 3 Takashi Iwai 2022-12-27 14:50:18 UTC 
I updated the patch references in SLE15-SP3 and SLE15-SP4 branches.
The fix was backported to cve/linux-5.3, cve/linux-4.12 and cve/linux-4.4 branches.
The older branches are unaffected, as the bug was introduced since 3.6 kernel.

Reassigned back to security team.
Comment 21 Swamp Workflow Management 2023-01-26 11:21:07 UTC 
SUSE-SU-2023:0145-1: An update that solves 5 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1065729,1203740,1204250,1205695,1206073,1206344,1206389,1206395,1206664,1207036,1207168,1207195
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662,CVE-2023-23454
JIRA References: PED-568
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.147.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.147.1, kernel-obs-build-4.12.14-122.147.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.147.1, kernel-source-4.12.14-122.147.1, kernel-syms-4.12.14-122.147.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.147.1, kgraft-patch-SLE12-SP5_Update_39-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.147.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2023-01-26 11:24:52 UTC 
SUSE-SU-2023:0146-1: An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.31.1, kernel-source-azure-5.14.21-150400.14.31.1, kernel-syms-azure-5.14.21-150400.14.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2023-01-26 11:31:02 UTC 
SUSE-SU-2023:0147-1: An update that solves 14 vulnerabilities, contains three features and has 32 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1191259,1193629,1199294,1201068,1203219,1203740,1204614,1204652,1204760,1204911,1204989,1205263,1205485,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568,SLE-19249
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.8.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.8.1, kernel-rt_debug-5.14.21-150400.15.8.1, kernel-source-rt-5.14.21-150400.15.8.1, kernel-syms-rt-5.14.21-150400.15.8.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_2-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2023-01-26 14:21:35 UTC 
SUSE-SU-2023:0149-1: An update that solves 15 vulnerabilities, contains two features and has 37 fixes is now available.

Category: security (important)
Bug References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016
CVE References: CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520
JIRA References: PED-1445,PED-568
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.41.1, kernel-64kb-5.14.21-150400.24.41.1, kernel-debug-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-docs-5.14.21-150400.24.41.1, kernel-kvmsmall-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-obs-qa-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-livepatch-SLE15-SP4_Update_7-1-150400.9.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.41.1, kernel-obs-build-5.14.21-150400.24.41.1, kernel-source-5.14.21-150400.24.41.1, kernel-syms-5.14.21-150400.24.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.41.1, kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1, kernel-source-5.14.21-150400.24.41.1, kernel-zfcpdump-5.14.21-150400.24.41.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-default-5.14.21-150400.24.41.1, kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2023-01-26 14:28:25 UTC 
SUSE-SU-2023:0152-1: An update that solves 19 vulnerabilities, contains three features and has 71 fixes is now available.

Category: security (important)
Bug References: 1065729,1151927,1156395,1157049,1190969,1203183,1203693,1203740,1204171,1204250,1204614,1204693,1204760,1204989,1205149,1205256,1205495,1205496,1205601,1205695,1206073,1206113,1206114,1206174,1206175,1206176,1206177,1206178,1206179,1206344,1206389,1206393,1206394,1206395,1206397,1206398,1206399,1206515,1206602,1206634,1206635,1206636,1206637,1206640,1206641,1206642,1206643,1206644,1206645,1206646,1206647,1206648,1206649,1206663,1206664,1206784,1206841,1206854,1206855,1206857,1206858,1206859,1206860,1206873,1206875,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206891,1206893,1206896,1206904,1207036,1207125,1207134,1207186,1207198,1207218,1207237
CVE References: CVE-2019-19083,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455
JIRA References: PED-1445,PED-1706,PED-568
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.109.1
SUSE Manager Server 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1
SUSE Manager Retail Branch Server 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1
SUSE Manager Proxy 4.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1, kernel-zfcpdump-5.3.18-150300.59.109.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-livepatch-SLE15-SP3_Update_28-1-150300.7.3.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.109.1
SUSE Enterprise Storage 7.1 (src):    kernel-64kb-5.3.18-150300.59.109.1, kernel-default-5.3.18-150300.59.109.1, kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1, kernel-docs-5.3.18-150300.59.109.1, kernel-obs-build-5.3.18-150300.59.109.1, kernel-preempt-5.3.18-150300.59.109.1, kernel-source-5.3.18-150300.59.109.1, kernel-syms-5.3.18-150300.59.109.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2023-01-26 14:36:07 UTC 
SUSE-SU-2023:0148-1: An update that solves four vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1065729,1174298,1174299,1203740,1204250,1204667,1205695,1206073,1206344,1206389,1206395,1206664,1206896
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662
JIRA References: PED-568
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.112.1, kernel-rt_debug-4.12.14-10.112.1, kernel-source-rt-4.12.14-10.112.1, kernel-syms-rt-4.12.14-10.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2023-02-14 17:21:32 UTC 
SUSE-SU-2023:0406-1: An update that solves 16 vulnerabilities, contains one feature and has 14 fixes is now available.

Category: security (important)
Bug References: 1203183,1203693,1203740,1204171,1204614,1204760,1205149,1206073,1206113,1206114,1206314,1206389,1206393,1206395,1206398,1206399,1206515,1206664,1206677,1206784,1207036,1207125,1207134,1207186,1207188,1207189,1207190,1207237,1207769,1207823
CVE References: CVE-2022-3105,CVE-2022-3107,CVE-2022-3108,CVE-2022-3112,CVE-2022-3115,CVE-2022-3435,CVE-2022-3564,CVE-2022-3643,CVE-2022-42328,CVE-2022-42329,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0266,CVE-2023-23454,CVE-2023-23455
JIRA References: PED-1706
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-livepatch-SLE15-SP2_Update_33-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.142.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.142.1, kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1, kernel-docs-5.3.18-150200.24.142.1, kernel-obs-build-5.3.18-150200.24.142.1, kernel-preempt-5.3.18-150200.24.142.1, kernel-source-5.3.18-150200.24.142.1, kernel-syms-5.3.18-150200.24.142.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Swamp Workflow Management 2023-02-14 17:24:18 UTC 
SUSE-SU-2023:0407-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1203693,1205149,1206073,1206664,1206677,1206784,1207036,1207186,1207237
CVE References: CVE-2022-3564,CVE-2022-4662,CVE-2022-47929,CVE-2023-23454
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.117.1, kernel-source-4.12.14-95.117.1, kernel-syms-4.12.14-95.117.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.117.1, kernel-source-4.12.14-95.117.1, kernel-syms-4.12.14-95.117.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.117.1, kernel-source-4.12.14-95.117.1, kernel-syms-4.12.14-95.117.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.117.1, kernel-source-4.12.14-95.117.1, kernel-syms-4.12.14-95.117.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.117.1, kgraft-patch-SLE12-SP4_Update_33-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.117.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Swamp Workflow Management 2023-02-14 20:24:37 UTC 
SUSE-SU-2023:0410-1: An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (important)
Bug References: 1203693,1205149,1206073,1206389,1206395,1206664,1206677,1206784,1207036,1207186,1207237
CVE References: CVE-2022-3107,CVE-2022-3108,CVE-2022-3564,CVE-2022-4662,CVE-2022-47929,CVE-2023-23454
JIRA References: PED-1706
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.134.1, kernel-default-4.12.14-150100.197.134.1, kernel-kvmsmall-4.12.14-150100.197.134.1, kernel-vanilla-4.12.14-150100.197.134.1, kernel-zfcpdump-4.12.14-150100.197.134.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1, kernel-zfcpdump-4.12.14-150100.197.134.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-livepatch-SLE15-SP1_Update_37-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.134.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.134.1, kernel-docs-4.12.14-150100.197.134.1, kernel-obs-build-4.12.14-150100.197.134.1, kernel-source-4.12.14-150100.197.134.1, kernel-syms-4.12.14-150100.197.134.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2023-02-15 14:30:32 UTC 
SUSE-SU-2023:0420-1: An update that solves 9 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1108488,1205705,1205709,1206073,1206113,1206664,1206677,1206784,1207036,1207125,1207186,1207237
CVE References: CVE-2018-9517,CVE-2022-3564,CVE-2022-3643,CVE-2022-42895,CVE-2022-42896,CVE-2022-4662,CVE-2022-47929,CVE-2023-23454,CVE-2023-23455
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.199.1, kernel-source-4.4.121-92.199.1, kernel-syms-4.4.121-92.199.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2023-03-02 12:31:20 UTC 
SUSE-SU-2023:0591-1: An update that solves six vulnerabilities, contains two features and has 51 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1156395, 1203740, 1204614, 1204989, 1205496, 1205601, 1205695, 1206073, 1206344, 1206393, 1206399, 1206515, 1206602, 1206634, 1206635, 1206636, 1206637, 1206640, 1206641, 1206642, 1206643, 1206644, 1206645, 1206646, 1206647, 1206648, 1206649, 1206841, 1206854, 1206855, 1206857, 1206858, 1206859, 1206860, 1206873, 1206875, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206896, 1206904, 1207036, 1207125
CVE References: CVE-2022-3112, CVE-2022-3115, CVE-2022-3564, CVE-2022-47520, CVE-2023-23454, CVE-2023-23455
Jira References: PED-1445, PED-568
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-syms-rt-5.3.18-150300.118.1, kernel-source-rt-5.3.18-150300.118.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Maintenance Automation 2023-03-06 12:30:33 UTC 
SUSE-SU-2023:0618-1: An update that solves 10 vulnerabilities, contains three features and has 28 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1175995, 1198971, 1202712, 1203200, 1203740, 1204250, 1204514, 1205149, 1205397, 1205495, 1206073, 1206640, 1206648, 1206784, 1206855, 1206858, 1206873, 1206877, 1206878, 1206880, 1206882, 1206883, 1206884, 1206887, 1206896, 1207092, 1207093, 1207094, 1207097, 1207102, 1207186, 1207195, 1207201, 1207237, 1208108, 1208541, 1208570
CVE References: CVE-2022-3107, CVE-2022-3108, CVE-2022-3564, CVE-2022-36280, CVE-2022-4662, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590, CVE-2023-23454
Jira References: PED-1706, PED-568, SLE-15608
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.124.1, kernel-syms-azure-4.12.14-16.124.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.124.1, kernel-syms-azure-4.12.14-16.124.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.124.1, kernel-syms-azure-4.12.14-16.124.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.