1175232 – (ZDI-CAN-11564) VUL-0: kernel-source: DRM Memory Management Double Free Privilege Escalation Vulnerability (ZDI-CAN-11564)

Bug 1175232 (ZDI-CAN-11564) - VUL-0: kernel-source: DRM Memory Management Double Free Privilege Escalation Vulnerability (ZDI-CAN-11564)

Summary: VUL-0: kernel-source: DRM Memory Management Double Free Privilege Escalation ...

Status:	RESOLVED FIXED

Alias:	ZDI-CAN-11564

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/265259/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-08-13 14:24 UTC by Robert Frohl
Modified:	2024-06-25 15:06 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 8 Wolfgang Frisch 2020-08-19 19:22:31 UTC

via oss-sec:
Subject: Linux Kernel 5.7.9 DRM Double Free

The specific flaw exists within DRM memory management. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

This has been already addressed in the upstream commit 5de5b6ecf97a021f29403aa272cb4e03318ef586

>Note, this "vulnerability" was only accessible by root, so there's not
>all that many privileges that could really be escalated there.  Don't
>know why the original poster did not say that here, as they
>acknowledged it in the "bug report" they sent many of us.

>It was already "addressed" before this problem was pointed out to
>anyone, so this was not fixed in relation to this being reported.
>
>Also, the fix is now in the 4.19.140, 5.4.59, 5.7.16, 5.8.2 kernel
>releases for those that care.
>
>And finally, it was pointed out that any kernel running with the
>CONFIG_SLAB_FREELIST_HARDENED=y option would not have any problems with
>this issue before it was fixed.

Comment 9 Takashi Iwai 2020-08-20 07:21:24 UTC

The bug seems relevant only with SLE15-SP2 and newer, and the fix is already included.  Also SLE15-SP2 enables CONFIG_SLAB_FREELIST_HARDENED.
I'll update the patch reference tag to point this bug number, and that's all.

Reassigned back to security team.

Comment 12 OBSbugzilla Bot 2020-08-30 21:32:11 UTC

This is an autogenerated message for OBS integration:
This bug (1175232) was mentioned in
https://build.opensuse.org/request/show/830611 15.2 / kernel-source

Comment 14 OBSbugzilla Bot 2020-09-01 14:15:34 UTC

This is an autogenerated message for OBS integration:
This bug (1175232) was mentioned in
https://build.opensuse.org/request/show/831128 15.1 / kernel-source

Comment 16 Swamp Workflow Management 2020-09-02 19:23:48 UTC

openSUSE-SU-2020:1325-1: An update that solves 6 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1083548,1085030,1085308,1087082,1111666,1112178,1113956,1133021,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171688,1172073,1172108,1172418,1172428,1172783,1172871,1172872,1172873,1172963,1173485,1173798,1173954,1174003,1174026,1174205,1174387,1174484,1174547,1174550,1174625,1174689,1174699,1174734,1174771,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873
CVE References: CVE-2018-3639,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.63.1, kernel-default-4.12.14-lp151.28.63.1, kernel-docs-4.12.14-lp151.28.63.1, kernel-kvmsmall-4.12.14-lp151.28.63.1, kernel-obs-build-4.12.14-lp151.28.63.1, kernel-obs-qa-4.12.14-lp151.28.63.1, kernel-source-4.12.14-lp151.28.63.1, kernel-syms-4.12.14-lp151.28.63.1, kernel-vanilla-4.12.14-lp151.28.63.1

Comment 17 Swamp Workflow Management 2020-09-03 19:24:18 UTC

SUSE-SU-2020:2485-1: An update that solves three vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1154353,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873
CVE References: CVE-2020-14314,CVE-2020-14356,CVE-2020-16166
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.15.1, kernel-source-azure-5.3.18-18.15.1, kernel-syms-azure-5.3.18-18.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2020-09-03 22:22:39 UTC

SUSE-SU-2020:2486-1: An update that solves four vulnerabilities and has 116 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.12.1, kernel-livepatch-SLE15-SP2_Update_2-1-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2020-09-03 22:34:53 UTC

SUSE-SU-2020:2486-1: An update that solves four vulnerabilities and has 116 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.12.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.12.1, kernel-livepatch-SLE15-SP2_Update_2-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.12.1, kernel-obs-build-5.3.18-24.12.1, kernel-preempt-5.3.18-24.12.1, kernel-source-5.3.18-24.12.1, kernel-syms-5.3.18-24.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.12.1, kernel-default-base-5.3.18-24.12.1.9.4.1, kernel-preempt-5.3.18-24.12.1, kernel-source-5.3.18-24.12.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 OBSbugzilla Bot 2020-09-04 07:02:15 UTC

This is an autogenerated message for OBS integration:
This bug (1175232) was mentioned in
https://build.opensuse.org/request/show/832013 15.2 / kernel-source

Comment 22 Swamp Workflow Management 2020-09-04 19:27:14 UTC

SUSE-SU-2020:2541-1: An update that solves 7 vulnerabilities and has 130 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172873,1172963,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.41.1, kernel-source-azure-4.12.14-8.41.1, kernel-syms-azure-4.12.14-8.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2020-09-04 19:46:40 UTC

SUSE-SU-2020:2540-1: An update that solves 7 vulnerabilities and has 129 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171688,1172073,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172873,1172963,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174247,1174387,1174484,1174547,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873
CVE References: CVE-2018-3639,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.25.1, kernel-source-azure-4.12.14-16.25.1, kernel-syms-azure-4.12.14-16.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2020-09-08 13:20:39 UTC

openSUSE-SU-2020:1382-1: An update that solves two vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1085030,1133021,1154492,1156395,1159058,1160634,1169790,1171634,1171688,1172108,1172418,1172871,1173485,1173798,1174003,1174026,1174387,1174699,1174771,1174777,1174800,1175128,1175199,1175232,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14386
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.41.1, kernel-default-5.3.18-lp152.41.1, kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2, kernel-docs-5.3.18-lp152.41.1, kernel-kvmsmall-5.3.18-lp152.41.1, kernel-obs-build-5.3.18-lp152.41.1, kernel-obs-qa-5.3.18-lp152.41.1, kernel-preempt-5.3.18-lp152.41.1, kernel-source-5.3.18-lp152.41.1, kernel-syms-5.3.18-lp152.41.1

Comment 26 Swamp Workflow Management 2020-09-08 19:23:57 UTC

SUSE-SU-2020:2574-1: An update that solves 7 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kgraft-patch-SLE12-SP5_Update_9-1-8.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2020-09-08 19:38:18 UTC

SUSE-SU-2020:2574-1: An update that solves 7 vulnerabilities and has 131 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.37.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.37.1, kernel-obs-build-4.12.14-122.37.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kernel-source-4.12.14-122.37.1, kernel-syms-4.12.14-122.37.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.37.1, kgraft-patch-SLE12-SP5_Update_9-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2020-09-09 10:27:54 UTC

SUSE-SU-2020:2575-1: An update that solves 8 vulnerabilities and has 121 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.56.1, kernel-obs-build-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-syms-4.12.14-197.56.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-zfcpdump-4.12.14-197.56.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2020-09-09 11:09:46 UTC

SUSE-SU-2020:2575-1: An update that solves 8 vulnerabilities and has 121 fixes is now available.

Category: security (important)
Bug References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-livepatch-SLE15-SP1_Update_15-1-3.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.56.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.56.1, kernel-obs-build-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-syms-4.12.14-197.56.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.56.1, kernel-source-4.12.14-197.56.1, kernel-zfcpdump-4.12.14-197.56.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2020-09-11 10:25:28 UTC

SUSE-SU-2020:2605-1: An update that solves 8 vulnerabilities and has 122 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1171988,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172963,1173485,1173798,1173954,1174026,1174070,1174161,1174205,1174247,1174343,1174356,1174387,1174409,1174438,1174462,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175518,1175526,1175550,1175654,1175666,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175992
CVE References: CVE-2018-3639,CVE-2020-0305,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.16.1, kernel-rt_debug-4.12.14-10.16.1, kernel-source-rt-4.12.14-10.16.1, kernel-syms-rt-4.12.14-10.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2020-09-14 22:23:56 UTC

SUSE-SU-2020:2631-1: An update that solves 5 vulnerabilities and has 124 fixes is now available.

Category: security (important)
Bug References: 1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1169790,1171688,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172963,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174247,1174298,1174299,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1175992
CVE References: CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.31.1, kernel-rt_debug-4.12.14-14.31.1, kernel-source-rt-4.12.14-14.31.1, kernel-syms-rt-4.12.14-14.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Alexandros Toptsoglou 2020-10-27 15:22:47 UTC

DONE

Comment 35 Swamp Workflow Management 2021-02-05 21:13:07 UTC

openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1