1208599 – (CVE-2023-1076) VUL-0: CVE-2023-1076: kernel: incorrect UID assigned to tun/tap sockets

Bug 1208599 (CVE-2023-1076) - VUL-0: CVE-2023-1076: kernel: incorrect UID assigned to tun/tap sockets

Summary: VUL-0: CVE-2023-1076: kernel: incorrect UID assigned to tun/tap sockets

Status:	RESOLVED FIXED

Alias:	CVE-2023-1076

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/358070/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-1076:4.7:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-02-23 09:35 UTC by Thomas Leroy
Modified:	2024-06-25 17:29 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Thomas Leroy 2023-02-23 16:20:42 UTC

Affected:
- SLE15-SP4
- SLE15-SP5
- cve/linux-4.12
- cve/linux-5.3
- stable
- master

Comment 5 Thomas Leroy 2023-03-06 14:20:45 UTC

(In reply to Michal Hocko from comment #4)
> Let me assign this to Miroslav.
> Thomas, is this still under embargo? If yes could you update the bug title
> so that the fact is more visible please?

This one has been publicly announced in oss-sec:

CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root
From: Pietro Borrello <borrello () diag uniroma1 it>
Date: Wed, 1 Mar 2023 16:13:11 +0100
Hi all,

I am disclosing a type confusion in the initialization of TUN/TAP sockets
which hardcodes their UID to 0, usually the root UID.
sock_init_data() assumes that the `struct socket` passed in input is
contained in a `struct socket_alloc` allocated with sock_alloc().
However, tap_open() and tun_chr_open() pass a `struct socket` embedded
in a `struct tap_queue` and `struct tun_file` respectively, both
allocated with sk_alloc().
This causes a type confusion when issuing a container_of() with
SOCK_INODE() in sock_init_data() which results in assigning a wrong
sk_uid to the `struct sock` in input.

Due to the type confusion, both sockets happen to have their UID set
to 0, i.e. root.
While it will be often correct, as TUN/TAP devices require
CAP_NET_ADMIN, it may not always be the case.
Not sure how widespread is the impact of this, it seems the socket UID
may be used for network filtering and routing, thus TUN/TAP sockets may
be incorrectly managed, potentially bypassing network filters based on UID.
Additionally, it seems the sockets with an incorrect UID may be returned
to the vhost driver when issuing a get_socket() on a TUN/TAP device in
vhost_net_set_backend().

The proposed patches fix the bugs by adding and using sock_init_data_uid(),
which explicitly takes a UID as argument, and have been merged:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a

The issue has been assigned CVE-2023-1076.

Best regards,
Pietro Borrello

Comment 6 Miroslav Franc 2023-03-13 15:20:53 UTC

Backported the fix to SLE15-SP4, cve/linux-5.3, cve/linux-4.12 branches.  The master/stable already contain the fix. For SLE15-SP5-GA is too late, should be pulled to SLE15-SP5 from SLE15-SP4.

Reassigned back to security team.

Comment 8 Maintenance Automation 2023-03-16 20:32:00 UTC

SUSE-SU-2023:0779-1: An update that solves 21 vulnerabilities and has 12 fixes can now be installed.

Category: security (important)
Bug References: 1186449, 1203331, 1203332, 1203693, 1204502, 1204760, 1205149, 1206351, 1206677, 1206784, 1207034, 1207051, 1207134, 1207186, 1207237, 1207497, 1207508, 1207560, 1207773, 1207795, 1207845, 1207875, 1207878, 1208212, 1208599, 1208700, 1208741, 1208776, 1208816, 1208837, 1208845, 1208971, 1209008
CVE References: CVE-2022-3606, CVE-2022-36280, CVE-2022-38096, CVE-2022-47929, CVE-2023-0045, CVE-2023-0179, CVE-2023-0266, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1195, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23006, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-syms-rt-5.3.18-150300.121.1, kernel-source-rt-5.3.18-150300.121.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Maintenance Automation 2023-03-28 08:30:31 UTC

SUSE-SU-2023:1609-1: An update that solves 17 vulnerabilities and has 44 fixes can now be installed.

Category: security (important)
Bug References: 1177529, 1193629, 1197534, 1197617, 1198438, 1200054, 1202353, 1202633, 1203200, 1203331, 1204363, 1204993, 1205544, 1205846, 1206103, 1206232, 1206492, 1206493, 1206824, 1206935, 1207051, 1207270, 1207529, 1207560, 1207845, 1207846, 1208179, 1208212, 1208420, 1208449, 1208534, 1208541, 1208542, 1208570, 1208598, 1208599, 1208601, 1208605, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208777, 1208784, 1208787, 1208816, 1208837, 1208843, 1208848, 1209008, 1209159, 1209188, 1209256, 1209258, 1209262, 1209291, 1209436, 1209457, 1209504
CVE References: CVE-2022-3523, CVE-2022-38096, CVE-2023-0461, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328
Sources used:
openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.18.1, kernel-syms-rt-5.14.21-150400.15.18.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_5-1-150400.1.3.1
SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.18.1, kernel-syms-rt-5.14.21-150400.15.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Maintenance Automation 2023-03-28 08:32:09 UTC

SUSE-SU-2023:1608-1: An update that solves 24 vulnerabilities and has 112 fixes can now be installed.

Category: security (important)
Bug References: 1166486, 1177529, 1193629, 1197534, 1197617, 1198438, 1200054, 1202353, 1202633, 1203200, 1203331, 1203332, 1204363, 1204993, 1205544, 1205846, 1206103, 1206224, 1206232, 1206459, 1206492, 1206493, 1206640, 1206824, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206886, 1206894, 1206935, 1207036, 1207050, 1207051, 1207125, 1207270, 1207328, 1207529, 1207560, 1207588, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207608, 1207609, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207768, 1207770, 1207771, 1207773, 1207795, 1207845, 1207875, 1208149, 1208153, 1208179, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208598, 1208599, 1208601, 1208605, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208777, 1208784, 1208787, 1208816, 1208829, 1208837, 1208843, 1208848, 1209008, 1209159, 1209188, 1209256, 1209258, 1209262, 1209291, 1209436, 1209457, 1209504, 1209572
CVE References: CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0122, CVE-2023-0461, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23454, CVE-2023-23455, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-azure-5.14.21-150400.14.40.1, kernel-source-azure-5.14.21-150400.14.40.1
Public Cloud Module 15-SP4 (src): kernel-syms-azure-5.14.21-150400.14.40.1, kernel-source-azure-5.14.21-150400.14.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Maintenance Automation 2023-03-31 12:30:54 UTC

SUSE-SU-2023:1710-1: An update that solves 19 vulnerabilities and has 111 fixes can now be installed.

Category: security (important)
Bug References: 1166486, 1177529, 1193629, 1197534, 1197617, 1198438, 1202353, 1202633, 1203200, 1203331, 1203332, 1204363, 1204993, 1205544, 1205846, 1206103, 1206224, 1206232, 1206459, 1206492, 1206493, 1206640, 1206824, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206889, 1206894, 1206935, 1207051, 1207270, 1207328, 1207529, 1207560, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207613, 1207615, 1207617, 1207618, 1207619, 1207620, 1207621, 1207623, 1207624, 1207625, 1207626, 1207628, 1207630, 1207631, 1207632, 1207634, 1207635, 1207636, 1207638, 1207639, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207651, 1207653, 1207770, 1207773, 1207845, 1207875, 1208149, 1208153, 1208179, 1208183, 1208212, 1208290, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208570, 1208598, 1208599, 1208601, 1208603, 1208605, 1208607, 1208628, 1208700, 1208741, 1208759, 1208776, 1208777, 1208784, 1208787, 1208816, 1208837, 1208843, 1208848, 1209008, 1209159, 1209188, 1209256, 1209258, 1209262, 1209291, 1209436, 1209457, 1209504
CVE References: CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328
Sources used:
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.55.1, kernel-syms-5.14.21-150400.24.55.1, kernel-source-5.14.21-150400.24.55.2, kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7, kernel-obs-build-5.14.21-150400.24.55.3
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.55.2, kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7
Development Tools Module 15-SP4 (src): kernel-source-5.14.21-150400.24.55.2, kernel-syms-5.14.21-150400.24.55.1, kernel-obs-build-5.14.21-150400.24.55.3
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_10-1-150400.9.3.7

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Maintenance Automation 2023-04-10 12:30:24 UTC

SUSE-SU-2023:1803-1: An update that solves 14 vulnerabilities, contains one feature and has 23 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1191924, 1193231, 1199837, 1203092, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208179, 1208599, 1208777, 1208850, 1209008, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_42-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.156.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Maintenance Automation 2023-04-10 12:30:57 UTC

SUSE-SU-2023:1800-1: An update that solves 20 vulnerabilities and has seven fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207185, 1207560, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_35-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Enterprise Storage 7 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Maintenance Automation 2023-04-10 12:32:12 UTC

SUSE-SU-2023:1801-1: An update that solves 14 vulnerabilities, contains one feature and has 19 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Maintenance Automation 2023-04-11 12:30:12 UTC

SUSE-SU-2023:1811-1: An update that solves 20 vulnerabilities and has eight fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207560, 1208137, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778, 1209785
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_31-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Maintenance Automation 2023-04-14 16:30:40 UTC

SUSE-SU-2023:1848-1: An update that solves 15 vulnerabilities and has nine fixes can now be installed.

Category: security (important)
Bug References: 1076830, 1192273, 1194535, 1207036, 1207125, 1207168, 1207795, 1208179, 1208599, 1208777, 1208811, 1208850, 1209008, 1209052, 1209256, 1209289, 1209291, 1209532, 1209547, 1209549, 1209634, 1209778, 1209845, 1209887
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_39-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Maintenance Automation 2023-04-18 12:30:48 UTC

SUSE-SU-2023:1894-1: An update that solves 14 vulnerabilities and has 20 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142926, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207125, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209613, 1209634, 1209684, 1209687, 1209777, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.121.1, kernel-source-rt-4.12.14-10.121.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Maintenance Automation 2023-05-17 16:30:08 UTC

SUSE-SU-2023:2232-1: An update that solves 28 vulnerabilities and has 14 fixes can now be installed.

Category: security (important)
Bug References: 1076830, 1194535, 1202353, 1205128, 1207036, 1207125, 1207168, 1207185, 1207795, 1207845, 1208179, 1208333, 1208599, 1208777, 1208837, 1208850, 1209008, 1209052, 1209256, 1209289, 1209291, 1209532, 1209547, 1209549, 1209613, 1209687, 1209777, 1209778, 1209845, 1209871, 1209887, 1210124, 1210202, 1210301, 1210329, 1210336, 1210337, 1210469, 1210498, 1210506, 1210647, 1211037
CVE References: CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2022-43945, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772
Sources used:
SUSE OpenStack Cloud 9 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE OpenStack Cloud Crowbar 9 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1, drbd-9.0.14+git.62f906cf-4.26.2
SUSE Linux Enterprise High Availability Extension 12 SP4 (src): drbd-9.0.14+git.62f906cf-4.26.2
SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_35-1-6.5.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Maintenance Automation 2023-07-11 16:31:33 UTC

SUSE-SU-2023:2809-1: An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1185861, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206578, 1206640, 1206649, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212405, 1212445, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212605, 1212606, 1212619, 1212701, 1212741
CVE References: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 50 Maintenance Automation 2023-07-18 16:32:06 UTC

SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Maintenance Automation 2024-02-27 12:01:04 UTC

SUSE-SU-2023:2646-1: An update that solves 69 vulnerabilities, contains six features and has 292 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198438, 1198835, 1199304, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204662, 1204993, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207050, 1207088, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209292, 1209367, 1209457, 1209504, 1209532, 1209556, 1209600, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210409, 1210439, 1210449, 1210450, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211140, 1211205, 1211263, 1211280, 1211281, 1211299, 1211387, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158
CVE References: CVE-2022-2196, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1380, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-33951, CVE-2023-33952
Jira References: PED-3210, PED-3259, PED-3692, PED-3750, PED-3759, PED-4022
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 56 Robert Frohl 2024-05-06 08:18:44 UTC

done, closing