1208600 – (CVE-2023-1077) VUL-0: CVE-2023-1077: kernel: type confusion in pick_next_rt_entity

Bug 1208600 (CVE-2023-1077) - VUL-0: CVE-2023-1077: kernel: type confusion in pick_next_rt_entity

Summary: VUL-0: CVE-2023-1077: kernel: type confusion in pick_next_rt_entity

Status:	RESOLVED FIXED

Alias:	CVE-2023-1077

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/358071/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-1077:7.0:(AV:L...
Keywords:

Depends on:
Blocks:	1208839
	Show dependency tree / graph

Clone This Bug

Reported:	2023-02-23 09:39 UTC by Thomas Leroy
Modified:	2024-06-25 17:29 UTC (History)
CC List:	12 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Thomas Leroy 2023-02-23 16:23:47 UTC

Affected:
- SLE15-SP4
- SLE15-SP5  
- cve/linux-3.0
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3
- master
- stable

Comment 23 Maintenance Automation 2023-06-19 08:30:14 UTC

SUSE-SU-2023:2534-1: An update that solves 16 vulnerabilities and has 10 fixes can now be installed.

Category: security (important)
Bug References: 1172073, 1191731, 1199046, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206878, 1208600, 1209287, 1209366, 1210629, 1210715, 1210783, 1210791, 1210940, 1211037, 1211089, 1211105, 1211186, 1211519, 1211592, 1211622, 1211796
CVE References: CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1077, CVE-2023-1380, CVE-2023-2176, CVE-2023-2194, CVE-2023-2483, CVE-2023-2513, CVE-2023-28466, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_41-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.148.1, kernel-obs-build-4.12.14-150100.197.148.1, kernel-source-4.12.14-150100.197.148.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.148.1, kernel-obs-build-4.12.14-150100.197.148.1, kernel-source-4.12.14-150100.197.148.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.148.1, kernel-obs-build-4.12.14-150100.197.148.1, kernel-source-4.12.14-150100.197.148.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.148.1, kernel-obs-build-4.12.14-150100.197.148.1, kernel-source-4.12.14-150100.197.148.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Maintenance Automation 2023-07-04 16:30:16 UTC

SUSE-SU-2023:2782-1: An update that solves 31 vulnerabilities, contains three features and has 70 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1152489, 1160435, 1172073, 1189998, 1191731, 1193629, 1194869, 1195655, 1195921, 1203906, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1206024, 1206578, 1207553, 1208050, 1208410, 1208600, 1208604, 1208758, 1209039, 1209287, 1209288, 1209367, 1209856, 1209982, 1210165, 1210294, 1210449, 1210450, 1210498, 1210533, 1210551, 1210647, 1210741, 1210775, 1210783, 1210791, 1210806, 1210940, 1210947, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211796, 1211804, 1211807, 1211808, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212448, 1212494, 1212504, 1212513, 1212540, 1212561, 1212563, 1212564, 1212584, 1212592
CVE References: CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1380, CVE-2023-1382, CVE-2023-2002, CVE-2023-21102, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2269, CVE-2023-2483, CVE-2023-2513, CVE-2023-28410, CVE-2023-3006, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828
Jira References: PED-3692, PED-3931, PED-4022
Sources used:
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_8-1-150400.1.9.2
SUSE Real Time Module 15-SP4 (src): kernel-source-rt-5.14.21-150400.15.37.1, kernel-syms-rt-5.14.21-150400.15.37.1
openSUSE Leap 15.4 (src): kernel-source-rt-5.14.21-150400.15.37.1, kernel-syms-rt-5.14.21-150400.15.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 44 Maintenance Automation 2023-07-10 16:30:13 UTC

SUSE-SU-2023:2804-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.130.1, kernel-syms-rt-4.12.14-10.130.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 46 Maintenance Automation 2023-07-11 08:37:00 UTC

SUSE-SU-2023:2805-1: An update that solves 38 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1126703, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206878, 1207036, 1207125, 1207168, 1207795, 1208600, 1208777, 1208837, 1209008, 1209039, 1209052, 1209256, 1209287, 1209289, 1209291, 1209532, 1209549, 1209687, 1209871, 1210329, 1210336, 1210337, 1210498, 1210506, 1210647, 1210715, 1210940, 1211105, 1211186, 1211449, 1212128, 1212129, 1212154, 1212501, 1212842
CVE References: CVE-2017-5753, CVE-2018-20784, CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0590, CVE-2023-1077, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1380, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2194, CVE-2023-23454, CVE-2023-23455, CVE-2023-2513, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772, CVE-2023-3090, CVE-2023-3141, CVE-2023-31436, CVE-2023-3159, CVE-2023-3161, CVE-2023-32269, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): kernel-syms-4.4.121-92.205.1, kernel-source-4.4.121-92.205.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Maintenance Automation 2023-07-11 16:31:33 UTC

SUSE-SU-2023:2809-1: An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1185861, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206578, 1206640, 1206649, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212405, 1212445, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212605, 1212606, 1212619, 1212701, 1212741
CVE References: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 48 Maintenance Automation 2023-07-11 16:32:46 UTC

SUSE-SU-2023:2808-1: An update that solves 13 vulnerabilities and has 21 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1174852, 1190317, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1211519, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 49 Maintenance Automation 2023-07-12 12:30:10 UTC

SUSE-SU-2023:2810-1: An update that solves 13 vulnerabilities, contains one feature and has 22 fixes can now be installed.

Category: security (important)
Bug References: 1160435, 1172073, 1187829, 1191731, 1199046, 1199636, 1200217, 1202353, 1205758, 1207088, 1208600, 1209039, 1209342, 1209739, 1210301, 1210469, 1210533, 1210791, 1211089, 1211203, 1211519, 1211592, 1211622, 1211796, 1212128, 1212129, 1212154, 1212158, 1212494, 1212501, 1212502, 1212504, 1212513, 1212606, 1212842
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-2002, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
Jira References: SLE-18857
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-syms-rt-5.3.18-150300.135.1, kernel-source-rt-5.3.18-150300.135.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 50 Maintenance Automation 2023-07-13 15:40:21 UTC

SUSE-SU-2023:2820-1: An update that solves 16 vulnerabilities, contains two features and has 34 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1152489, 1160435, 1187829, 1189998, 1194869, 1205758, 1208410, 1208600, 1209039, 1209367, 1210335, 1211299, 1211346, 1211387, 1211410, 1211449, 1211796, 1211852, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212701, 1212741, 1212835, 1212838, 1212842, 1212861, 1212869, 1212892
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-3931, SLE-19253
Sources used:
Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1, kernel-source-5.14.21-150400.24.69.1
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.69.1, kernel-obs-build-5.14.21-150400.24.69.1, kernel-source-5.14.21-150400.24.69.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_14-1-150400.9.3.1
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
openSUSE Leap 15.4 (src): kernel-obs-build-5.14.21-150400.24.69.1, kernel-source-5.14.21-150400.24.69.1, kernel-syms-5.14.21-150400.24.69.1, kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1, kernel-obs-qa-5.14.21-150400.24.69.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 51 Maintenance Automation 2023-07-14 11:08:26 UTC

SUSE-SU-2023:2822-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_45-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.165.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 52 Maintenance Automation 2023-07-14 13:15:01 UTC

SUSE-SU-2023:2831-1: An update that solves 16 vulnerabilities, contains one feature and has 33 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1152489, 1160435, 1187829, 1189998, 1194869, 1205758, 1208410, 1208600, 1209039, 1209367, 1210335, 1211299, 1211346, 1211387, 1211410, 1211796, 1211852, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212701, 1212741, 1212835, 1212838, 1212842, 1212861, 1212869, 1212892
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-3931
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.55.1, kernel-syms-azure-5.14.21-150400.14.55.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.55.1, kernel-syms-azure-5.14.21-150400.14.55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 53 Maintenance Automation 2023-07-14 21:42:43 UTC

SUSE-SU-2023:2834-1: An update that solves 13 vulnerabilities and has six fixes can now be installed.

Category: security (important)
Bug References: 1160435, 1187829, 1205758, 1208600, 1209039, 1210533, 1211449, 1211519, 1212128, 1212129, 1212154, 1212158, 1212494, 1212501, 1212502, 1212504, 1212513, 1212606, 1212842
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-2002, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_38-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.157.1, kernel-source-5.3.18-150200.24.157.1, kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1, kernel-syms-5.3.18-150200.24.157.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.157.1, kernel-source-5.3.18-150200.24.157.1, kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1, kernel-syms-5.3.18-150200.24.157.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.157.1, kernel-source-5.3.18-150200.24.157.1, kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1, kernel-syms-5.3.18-150200.24.157.1
SUSE Enterprise Storage 7 (src): kernel-obs-build-5.3.18-150200.24.157.1, kernel-source-5.3.18-150200.24.157.1, kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1, kernel-syms-5.3.18-150200.24.157.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 54 Maintenance Automation 2023-07-17 16:37:55 UTC

SUSE-SU-2023:2859-1: An update that solves 13 vulnerabilities and has 13 fixes can now be installed.

Category: security (important)
Bug References: 1160435, 1172073, 1187829, 1191731, 1199046, 1200217, 1205758, 1208600, 1209039, 1209342, 1210533, 1210791, 1211089, 1211519, 1211796, 1212128, 1212129, 1212154, 1212158, 1212494, 1212501, 1212502, 1212504, 1212513, 1212606, 1212842
CVE References: CVE-2023-1077, CVE-2023-1249, CVE-2023-2002, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
Sources used:
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-source-5.3.18-150300.59.127.1
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_34-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-syms-5.3.18-150300.59.127.1, kernel-source-5.3.18-150300.59.127.1, kernel-obs-build-5.3.18-150300.59.127.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-source-5.3.18-150300.59.127.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1, kernel-source-5.3.18-150300.59.127.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 55 Maintenance Automation 2023-07-18 16:32:06 UTC

SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 73 Maintenance Automation 2023-10-10 16:35:45 UTC

SUSE-SU-2023:4028-1: An update that solves eight vulnerabilities and contains one feature can now be installed.

Category: security (important)
Bug References: 1208600, 1208995, 1210448, 1213666, 1213927, 1214348, 1214451, 1215115
CVE References: CVE-2023-1077, CVE-2023-1192, CVE-2023-2007, CVE-2023-20588, CVE-2023-3772, CVE-2023-4385, CVE-2023-4459, CVE-2023-4623
Jira References: PED-4579
Sources used:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (src): kernel-syms-3.0.101-108.147.1, kernel-source-3.0.101-108.147.1
SUSE Linux Enterprise Server 11 SP4 (src): kernel-syms-3.0.101-108.147.1, kernel-source-3.0.101-108.147.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 74 Roy Hopkins 2023-10-12 07:30:48 UTC

I continued my investigation into this by examining the scenarios that could
potentially cause the error condition. I have concluded that it does not seem
possible to trigger the conditions to cause an invalid pointer to be returned.
As I said in my previous comment, this would require a breaking of the
synchronisation between `(rt_prio_array *)array->bitmap` and the corresponding
priority queues, which can only be caused by changing the content of the queues
without regard to the bitmap. The only time this happens is when a task yields
after a change in priority in the `rt` structure.

The priority inside the task structure is only changed as part of a change in
scheduler policy or the nice value in `kernel/sched/core.c`. In all cases the
changes to the are preceded by dequeuing the task if it is current queued (or
switching tasks if running) then re-adding the task to the queue. This
effectively calls `__delist_rt_entity()` and `__enqueue_rt_entity()` outlined in
2. and 3. in my comment above which correctly updates the state of the bitmap.

Therefore, although the patch fixes a potential vulnerability that can be caused
by a future regression over changes to the priority queuing, I cannot see how
it is possible to trigger the vulnerability with the current codebase.

Comment 75 Michal Hocko 2023-10-12 07:41:58 UTC

Thanks a lot Roy for you analysis. This sounds like a good argument to dispute the CVE. As you have said the fix is reasonable and it makes sense regardless of no security consequences but the CVE assigned seems inappropriate. Security team, would you be willing to start dispute process? Roy are you ok to use your reasoning to back that claim?

Comment 76 Roy Hopkins 2023-10-12 11:13:00 UTC

> Roy are you ok to use your reasoning to back that claim?

Yes I'm happy to use it to back the claim.

Comment 77 Maintenance Automation 2024-02-27 12:01:04 UTC

SUSE-SU-2023:2646-1: An update that solves 69 vulnerabilities, contains six features and has 292 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198438, 1198835, 1199304, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204662, 1204993, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207050, 1207088, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209292, 1209367, 1209457, 1209504, 1209532, 1209556, 1209600, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210409, 1210439, 1210449, 1210450, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211140, 1211205, 1211263, 1211280, 1211281, 1211299, 1211387, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158
CVE References: CVE-2022-2196, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1380, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-33951, CVE-2023-33952
Jira References: PED-3210, PED-3259, PED-3692, PED-3750, PED-3759, PED-4022
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 81 Robert Frohl 2024-05-06 08:19:29 UTC

done, closing