Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-3702 (GCVE-0-2020-3702)
Vulnerability from cvelistv5 – Published: 2020-09-08 09:31 – Updated: 2024-08-04 07:44
VLAI
EPSS
Summary
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
Severity
No CVSS data available.
CWE
- Cryptographic Issues in WIFI driver(Krook)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_CONFIRM |
| https://www.debian.org/security/2021/dsa-4978 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Affected:
APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:44:50.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cryptographic Issues in WIFI driver(Krook)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T00:06:47.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-3702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues in WIFI driver(Krook)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58",
"refsource": "CONFIRM",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"name": "DSA-4978",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-3702",
"datePublished": "2020-09-08T09:31:47.000Z",
"dateReserved": "2019-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:44:50.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-3702",
"date": "2026-05-28",
"epss": "0.00297",
"percentile": "0.53233"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-3702\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2020-09-08T10:15:16.340\",\"lastModified\":\"2024-11-21T05:31:36.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150\"},{\"lang\":\"es\",\"value\":\"Un tr\u00e1fico espec\u00edficamente sincronizado y dise\u00f1ado puede causar errores internos en un dispositivo WLAN que conllevan a un cifrado inapropiado del Wi-Fi de capa 2 con la consiguiente posibilidad de divulgaci\u00f3n de informaci\u00f3n sobre el aire para un conjunto discreto de tr\u00e1fico en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking versiones APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B052615D-857A-46D4-9098-1CBFA14687C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B59B60-A298-4A56-A45A-E34B7AAB43D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94CB547F-0078-47CD-B511-06DE96882D5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA679375-BB14-4B24-8AD9-B2BFBACE2FDB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC82552A-9E7C-4A13-B7A5-43CEA218675C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE28A59C-7AA6-4B85-84E8-07852B96108E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEE828B-09A7-4AC1-8134-491A7C87C118\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA1E7B0-782B-4757-B118-802943798984\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95CB08EC-AE12-4A54-AA3C-998F01FC8763\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E71452E6-551F-4E93-9951-2582C60BDFCE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D69FB0E-FDFF-42B8-ADAD-797B7C91E979\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D33E62D2-931E-465C-BC8E-71FB36CF6E36\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"254F1AB0-C21A-41A6-9B9B-ED074A4C9EBD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F5A18B-8C9E-4A38-B994-E3E2696BB83D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B703667D-DE09-40AF-BA44-E0E56252A790\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"794BA13C-3C63-4695-AA45-676F85D904BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ABE492A-3755-4969-9DEB-4B85EBB84644\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D3787B-6ACC-4591-B041-01307ED66C36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A748F-2236-4486-83F1-DE4BCBE5D56D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F3DFC-27E8-48AC-B46C-C589DBCBF030\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:access_point:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.8.3-12\",\"matchCriteriaId\":\"5B3CF23B-9C45-4B3F-B077-02CC699A1DC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:av2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74E5E321-2714-46FF-8F3F-4958EE7B3A5E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE26D5A-486B-48F3-9C1C-4EE3FD8F0234\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c75-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E2ACBF3-F2B2-414E-92AE-20E4E80636B5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F9E4B2-63FC-4F53-9C12-7478B7B6AD48\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:o90e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CBAB8F1-1F56-4695-8F86-9AA994C4A6C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F03BB48-C89A-41F6-99DE-12FF95DCD9F2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4978\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-100
Vulnerability from certfr_avis - Published: 2022-02-02 - Updated: 2022-02-02
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2020-25673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25673"
}
],
"initial_release_date": "2022-02-02T00:00:00",
"last_revision_date": "2022-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-100",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220254-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220254-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220257-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220257-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220262-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220262-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220263-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220263-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220270-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220270-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220241-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220267-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220267-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220255-1 du 01 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220255-1/"
}
]
}
CERTFR-2022-AVI-108
Vulnerability from certfr_avis - Published: 2022-02-04 - Updated: 2022-02-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46283"
},
{
"name": "CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2020-25673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25673"
}
],
"initial_release_date": "2022-02-04T00:00:00",
"last_revision_date": "2022-02-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-108",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220289-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220288-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220293-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220291-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220295-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220292-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220296-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220298-1 du 02 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1/"
}
]
}
CERTFR-2022-AVI-114
Vulnerability from certfr_avis - Published: 2022-02-07 - Updated: 2022-02-07
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2020-25673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25673"
}
],
"initial_release_date": "2022-02-07T00:00:00",
"last_revision_date": "2022-02-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-114",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:0325-1 du 04 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220325-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:0329-1 du 04 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220329-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:0328-1 du 04 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220328-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:0327-1 du 04 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220327-1/"
}
]
}
CERTFR-2022-AVI-299
Vulnerability from certfr_avis - Published: 2022-04-01 - Updated: 2022-04-01
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42327"
},
{
"name": "CVE-2020-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3702"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2022-27666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27666"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2022-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0516"
},
{
"name": "CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4090"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2022-25636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25636"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2022-23960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23960"
},
{
"name": "CVE-2022-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2022-1055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
},
{
"name": "CVE-2021-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28964"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2021-39636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39636"
},
{
"name": "CVE-2022-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0742"
},
{
"name": "CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
}
],
"initial_release_date": "2022-04-01T00:00:00",
"last_revision_date": "2022-04-01T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-299",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5357-2 du 31 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5357-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5361-1 du 01 avril 2022",
"url": "https://ubuntu.com/security/notices/USN-5361-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5362-1 du 01 avril 2022",
"url": "https://ubuntu.com/security/notices/USN-5362-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5358-2 du 31 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5358-2"
}
]
}
FKIE_CVE-2020-3702
Vulnerability from fkie_nvd - Published: 2020-09-08 10:15 - Updated: 2024-11-21 05:31
Severity
Summary
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qualcomm | apq8053_firmware | - | |
| qualcomm | apq8053 | - | |
| qualcomm | ipq4019_firmware | - | |
| qualcomm | ipq4019 | - | |
| qualcomm | ipq8064_firmware | - | |
| qualcomm | ipq8064 | - | |
| qualcomm | msm8909w_firmware | - | |
| qualcomm | msm8909w | - | |
| qualcomm | msm8996au_firmware | - | |
| qualcomm | msm8996au | - | |
| qualcomm | qca9531_firmware | - | |
| qualcomm | qca9531 | - | |
| qualcomm | qcn5502_firmware | - | |
| qualcomm | qcn5502 | - | |
| qualcomm | qcs405_firmware | - | |
| qualcomm | qcs405 | - | |
| qualcomm | sdx20_firmware | - | |
| qualcomm | sdx20 | - | |
| qualcomm | sm6150_firmware | - | |
| qualcomm | sm6150 | - | |
| qualcomm | sm7150_firmware | - | |
| qualcomm | sm7150 | - | |
| debian | debian_linux | 10.0 | |
| arista | access_point | * | |
| arista | av2 | - | |
| arista | c-75 | - | |
| arista | c75-e | - | |
| arista | o-90 | - | |
| arista | o90e | - | |
| arista | w-68 | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B052615D-857A-46D4-9098-1CBFA14687C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19B59B60-A298-4A56-A45A-E34B7AAB43D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94CB547F-0078-47CD-B511-06DE96882D5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA679375-BB14-4B24-8AD9-B2BFBACE2FDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC82552A-9E7C-4A13-B7A5-43CEA218675C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E71452E6-551F-4E93-9951-2582C60BDFCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D69FB0E-FDFF-42B8-ADAD-797B7C91E979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D33E62D2-931E-465C-BC8E-71FB36CF6E36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "254F1AB0-C21A-41A6-9B9B-ED074A4C9EBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F5A18B-8C9E-4A38-B994-E3E2696BB83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B703667D-DE09-40AF-BA44-E0E56252A790",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794BA13C-3C63-4695-AA45-676F85D904BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ABE492A-3755-4969-9DEB-4B85EBB84644",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D3787B-6ACC-4591-B041-01307ED66C36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A748F-2236-4486-83F1-DE4BCBE5D56D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "184F3DFC-27E8-48AC-B46C-C589DBCBF030",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista:access_point:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3CF23B-9C45-4B3F-B077-02CC699A1DC5",
"versionEndIncluding": "8.8.3-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:av2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74E5E321-2714-46FF-8F3F-4958EE7B3A5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE26D5A-486B-48F3-9C1C-4EE3FD8F0234",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:c75-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2ACBF3-F2B2-414E-92AE-20E4E80636B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41F9E4B2-63FC-4F53-9C12-7478B7B6AD48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:o90e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBAB8F1-1F56-4695-8F86-9AA994C4A6C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F03BB48-C89A-41F6-99DE-12FF95DCD9F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
},
{
"lang": "es",
"value": "Un tr\u00e1fico espec\u00edficamente sincronizado y dise\u00f1ado puede causar errores internos en un dispositivo WLAN que conllevan a un cifrado inapropiado del Wi-Fi de capa 2 con la consiguiente posibilidad de divulgaci\u00f3n de informaci\u00f3n sobre el aire para un conjunto discreto de tr\u00e1fico en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking versiones APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
],
"id": "CVE-2020-3702",
"lastModified": "2024-11-21T05:31:36.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-08T10:15:16.340",
"references": [
{
"source": "product-security@qualcomm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"source": "product-security@qualcomm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"source": "product-security@qualcomm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"source": "product-security@qualcomm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"sourceIdentifier": "product-security@qualcomm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-H4Q5-8RRJ-HRJ2
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27
VLAI
Details
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
{
"affected": [],
"aliases": [
"CVE-2020-3702"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-08T10:15:00Z",
"severity": "MODERATE"
},
"details": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"id": "GHSA-h4q5-8rrj-hrj2",
"modified": "2022-05-24T17:27:34Z",
"published": "2022-05-24T17:27:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3702"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-3702
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-3702",
"description": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"id": "GSD-2020-3702",
"references": [
"https://www.suse.com/security/cve/CVE-2020-3702.html",
"https://www.debian.org/security/2021/dsa-4978",
"https://ubuntu.com/security/CVE-2020-3702",
"https://advisories.mageia.org/CVE-2020-3702.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-3702"
],
"details": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"id": "GSD-2020-3702",
"modified": "2023-12-13T01:22:09.619348Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-3702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues in WIFI driver(Krook)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58",
"refsource": "CONFIRM",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"name": "DSA-4978",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:arista:access_point:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.3-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:av2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:c75-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:o90e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security.cna@qualcomm.com",
"ID": "CVE-2020-3702"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"name": "DSA-4978",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-06T14:19Z",
"publishedDate": "2020-09-08T10:15Z"
}
}
}
OPENSUSE-SU-2021:1357-1
Vulnerability from csaf_opensuse - Published: 2021-10-15 12:13 - Updated: 2021-10-15 12:13Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193).
- CVE-2021-3669: Fixed a denial of service to replace costly bailout check in sysvipc_find_ipc() (bsc#1159886 bsc#1188986).
- CVE-2021-3752: Fixed a use-after-free uaf bug in bluetooth (bsc#1190023).
- CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159)
- CVE-2021-3744, CVE-2021-3764: Fixed some resource leaks in the ccp driver ccp_run_aes_gcm_cmd() (bsc#1189884 bsc#1190534).
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358).
- libata: fix ata_host_start() (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
Patchnames: openSUSE-2021-1357
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
76 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193).\n- CVE-2021-3669: Fixed a denial of service to replace costly bailout check in sysvipc_find_ipc() (bsc#1159886 bsc#1188986).\n- CVE-2021-3752: Fixed a use-after-free uaf bug in bluetooth (bsc#1190023).\n- CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159)\n- CVE-2021-3744, CVE-2021-3764: Fixed some resource leaks in the ccp driver ccp_run_aes_gcm_cmd() (bsc#1189884 bsc#1190534).\n\nThe following non-security bugs were fixed:\n\n- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).\n- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).\n- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).\n- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).\n- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).\n- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).\n- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).\n- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).\n- ath9k: fix sleeping in atomic context (git-fixes).\n- blk-mq: do not deactivate hctx if managed irq isn\u0027t used (bsc#1185762).\n- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).\n- blk-mq: mark if one queue map uses managed irq (bsc#1185762).\n- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).\n- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).\n- bnxt: count Tx drops (git-fixes).\n- bnxt: disable napi before canceling DIM (git-fixes).\n- bnxt: do not lock the tx queue from napi poll (git-fixes).\n- bnxt_en: Add missing DMA memory barriers (git-fixes).\n- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).\n- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).\n- bnxt_en: Store the running firmware version code (git-fixes).\n- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).\n- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).\n- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).\n- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).\n- console: consume APC, DM, DCS (git-fixes).\n- cuse: fix broken release (bsc#1190596).\n- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).\n- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).\n- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).\n- dmaengine: ioat: depends on !UML (git-fixes).\n- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).\n- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).\n- docs: Fix infiniband uverbs minor number (git-fixes).\n- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).\n- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).\n- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).\n- drm/amdgpu: Fix BUG_ON assert (git-fixes).\n- drm: avoid blocking in drm_clients_info\u0027s rcu section (git-fixes).\n- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).\n- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).\n- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).\n- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).\n- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).\n- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).\n- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).\n- erofs: fix up erofs_lookup tracepoint (git-fixes).\n- fbmem: do not allow too huge resolutions (git-fixes).\n- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).\n- fpga: machxo2-spi: Return an error on failure (git-fixes).\n- fuse: flush extending writes (bsc#1190595).\n- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).\n- genirq: add device_has_managed_msi_irq (bsc#1185762).\n- gpio: uniphier: Fix void functions to remove return value (git-fixes).\n- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).\n- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).\n- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).\n- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).\n- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).\n- hwmon: (tmp421) fix rounding for negative values (git-fixes).\n- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).\n- i40e: Add additional info to PHY type error (git-fixes).\n- i40e: Fix firmware LLDP agent related warning (git-fixes).\n- i40e: Fix logic of disabling queues (git-fixes).\n- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).\n- i40e: Fix queue-to-TC mapping on Tx (git-fixes).\n- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).\n- iavf: Set RSS LUT and key in reset handle path (git-fixes).\n- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).\n- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).\n- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).\n- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).\n- ice: Prevent probing virtual functions (git-fixes).\n- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).\n- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).\n- iomap: Fix negative assignment to unsigned sis-\u003epages in iomap_swapfile_activate (bsc#1190784).\n- ionic: cleanly release devlink instance (bsc#1167773).\n- ionic: count csum_none when offload enabled (bsc#1167773).\n- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).\n- ipc/util.c: use binary search for max_idx (bsc#1159886).\n- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).\n- ipvs: avoid expiring many connections from timer (bsc#1190467).\n- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).\n- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).\n- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).\n- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.\n- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.\n- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).\n- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358).\n- libata: fix ata_host_start() (git-fixes).\n- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).\n- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).\n- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).\n- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).\n- mac80211: mesh: fix potentially unaligned access (git-fixes).\n- media: cedrus: Fix SUNXI tile size calculation (git-fixes).\n- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).\n- media: dib8000: rewrite the init prbs logic (git-fixes).\n- media: imx258: Limit the max analogue gain to 480 (git-fixes).\n- media: imx258: Rectify mismatch of VTS value (git-fixes).\n- media: rc-loopback: return number of emitters rather than error (git-fixes).\n- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).\n- media: uvc: do not do DMA on stack (git-fixes).\n- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).\n- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).\n- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).\n- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).\n- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).\n- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).\n- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).\n- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).\n- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).\n- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).\n- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).\n- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).\n- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).\n- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).\n- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).\n- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).\n- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).\n- net/mlx5: Fix flow table chaining (git-fixes).\n- net/mlx5: Fix return value from tracer initialization (git-fixes).\n- net/mlx5: Unload device upon firmware fatal error (git-fixes).\n- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).\n- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).\n- nfp: update ethtool reporting of pauseframe control (git-fixes).\n- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).\n- NFS: do not store \u0027struct cred *\u0027 in struct nfs_access_entry (bsc#1190746).\n- NFS: pass cred explicitly for access tests (bsc#1190746).\n- nvme: avoid race in shutdown namespace removal (bsc#1188067).\n- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).\n- parport: remove non-zero check on count (git-fixes).\n- PCI: aardvark: Fix checking for PIO status (git-fixes).\n- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).\n- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).\n- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).\n- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).\n- PCI: Add AMD GPU multi-function power dependencies (git-fixes).\n- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).\n- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).\n- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).\n- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).\n- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).\n- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).\n- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).\n- PM: EM: Increase energy calculation precision (git-fixes).\n- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).\n- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).\n- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).\n- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).\n- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).\n- powerpc/perf: Fix the check for SIAR value (bsc#1065729).\n- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).\n- powerpc/perf: Use regs-\u003enip when SIAR is zero (bsc#1065729).\n- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).\n- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).\n- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).\n- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).\n- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).\n- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).\n- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).\n- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).\n- pwm: img: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).\n- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).\n- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).\n- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).\n- regmap: fix page selection for noinc reads (git-fixes).\n- regmap: fix page selection for noinc writes (git-fixes).\n- regmap: fix the offset of register error log (git-fixes).\n- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).\n- rpm: Abolish scritplet templating (bsc#1189841).\n- rtc: rx8010: select REGMAP_I2C (git-fixes).\n- rtc: tps65910: Correct driver module alias (git-fixes).\n- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).\n- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).\n- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).\n- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).\n- scsi: fc: Add EDC ELS definition (bsc#1190576).\n- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).\n- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).\n- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).\n- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).\n- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).\n- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).\n- scsi: lpfc: Add EDC ELS support (bsc#1190576).\n- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).\n- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).\n- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).\n- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).\n- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).\n- scsi: lpfc: Add support for the CM framework (bsc#1190576).\n- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).\n- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).\n- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).\n- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).\n- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).\n- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).\n- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).\n- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).\n- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).\n- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).\n- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).\n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).\n- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).\n- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).\n- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).\n- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).\n- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).\n- scsi: lpfc: Remove unneeded variable (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).\n- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).\n- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).\n- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).\n- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).\n- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).\n- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).\n- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).\n- serial: mvebu-uart: fix driver\u0027s tx_empty callback (git-fixes).\n- serial: sh-sci: fix break handling for sysrq (git-fixes).\n- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).\n- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).\n- staging: ks7010: Fix the initialization of the \u0027sleep_status\u0027 structure (git-fixes).\n- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).\n- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).\n- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).\n- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).\n- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).\n- tty: synclink_gt, drop unneeded forward declarations (git-fixes).\n- usb: core: hcd: Add support for deferring roothub registration (git-fixes).\n- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).\n- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).\n- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).\n- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).\n- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).\n- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).\n- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).\n- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).\n- usb: host: fotg210: fix the endpoint\u0027s transactional opportunities calculation (git-fixes).\n- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).\n- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).\n- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).\n- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).\n- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).\n- USB: serial: option: add device id for Foxconn T99W265 (git-fixes).\n- USB: serial: option: add Telit LN920 compositions (git-fixes).\n- USB: serial: option: remove duplicate USB device ID (git-fixes).\n- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).\n- video: fbdev: asiliantfb: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).\n- video: fbdev: riva: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).\n- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).\n- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).\n- vmxnet3: prepare for version 6 changes (bsc#1190406).\n- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).\n- vmxnet3: set correct hash type based on rss information (bsc#1190406).\n- vmxnet3: update to version 6 (bsc#1190406).\n- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).\n- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).\n- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).\n- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).\n- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).\n- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).\n- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).\n- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).\n- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).\n- xgene-v2: Fix a resource leak in the error handling path of \u0027xge_probe()\u0027 (git-fixes).\n- xhci: Set HCD flag to defer primary roothub registration (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1357",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1357-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1357-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1357-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1148868",
"url": "https://bugzilla.suse.com/1148868"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1159886",
"url": "https://bugzilla.suse.com/1159886"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1170774",
"url": "https://bugzilla.suse.com/1170774"
},
{
"category": "self",
"summary": "SUSE Bug 1173746",
"url": "https://bugzilla.suse.com/1173746"
},
{
"category": "self",
"summary": "SUSE Bug 1176940",
"url": "https://bugzilla.suse.com/1176940"
},
{
"category": "self",
"summary": "SUSE Bug 1184439",
"url": "https://bugzilla.suse.com/1184439"
},
{
"category": "self",
"summary": "SUSE Bug 1184804",
"url": "https://bugzilla.suse.com/1184804"
},
{
"category": "self",
"summary": "SUSE Bug 1185302",
"url": "https://bugzilla.suse.com/1185302"
},
{
"category": "self",
"summary": "SUSE Bug 1185677",
"url": "https://bugzilla.suse.com/1185677"
},
{
"category": "self",
"summary": "SUSE Bug 1185726",
"url": "https://bugzilla.suse.com/1185726"
},
{
"category": "self",
"summary": "SUSE Bug 1185762",
"url": "https://bugzilla.suse.com/1185762"
},
{
"category": "self",
"summary": "SUSE Bug 1187167",
"url": "https://bugzilla.suse.com/1187167"
},
{
"category": "self",
"summary": "SUSE Bug 1188067",
"url": "https://bugzilla.suse.com/1188067"
},
{
"category": "self",
"summary": "SUSE Bug 1188651",
"url": "https://bugzilla.suse.com/1188651"
},
{
"category": "self",
"summary": "SUSE Bug 1188986",
"url": "https://bugzilla.suse.com/1188986"
},
{
"category": "self",
"summary": "SUSE Bug 1189297",
"url": "https://bugzilla.suse.com/1189297"
},
{
"category": "self",
"summary": "SUSE Bug 1189841",
"url": "https://bugzilla.suse.com/1189841"
},
{
"category": "self",
"summary": "SUSE Bug 1189884",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "self",
"summary": "SUSE Bug 1190023",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "self",
"summary": "SUSE Bug 1190062",
"url": "https://bugzilla.suse.com/1190062"
},
{
"category": "self",
"summary": "SUSE Bug 1190115",
"url": "https://bugzilla.suse.com/1190115"
},
{
"category": "self",
"summary": "SUSE Bug 1190159",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "self",
"summary": "SUSE Bug 1190358",
"url": "https://bugzilla.suse.com/1190358"
},
{
"category": "self",
"summary": "SUSE Bug 1190406",
"url": "https://bugzilla.suse.com/1190406"
},
{
"category": "self",
"summary": "SUSE Bug 1190467",
"url": "https://bugzilla.suse.com/1190467"
},
{
"category": "self",
"summary": "SUSE Bug 1190523",
"url": "https://bugzilla.suse.com/1190523"
},
{
"category": "self",
"summary": "SUSE Bug 1190534",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "self",
"summary": "SUSE Bug 1190543",
"url": "https://bugzilla.suse.com/1190543"
},
{
"category": "self",
"summary": "SUSE Bug 1190576",
"url": "https://bugzilla.suse.com/1190576"
},
{
"category": "self",
"summary": "SUSE Bug 1190595",
"url": "https://bugzilla.suse.com/1190595"
},
{
"category": "self",
"summary": "SUSE Bug 1190596",
"url": "https://bugzilla.suse.com/1190596"
},
{
"category": "self",
"summary": "SUSE Bug 1190598",
"url": "https://bugzilla.suse.com/1190598"
},
{
"category": "self",
"summary": "SUSE Bug 1190620",
"url": "https://bugzilla.suse.com/1190620"
},
{
"category": "self",
"summary": "SUSE Bug 1190626",
"url": "https://bugzilla.suse.com/1190626"
},
{
"category": "self",
"summary": "SUSE Bug 1190679",
"url": "https://bugzilla.suse.com/1190679"
},
{
"category": "self",
"summary": "SUSE Bug 1190705",
"url": "https://bugzilla.suse.com/1190705"
},
{
"category": "self",
"summary": "SUSE Bug 1190717",
"url": "https://bugzilla.suse.com/1190717"
},
{
"category": "self",
"summary": "SUSE Bug 1190746",
"url": "https://bugzilla.suse.com/1190746"
},
{
"category": "self",
"summary": "SUSE Bug 1190758",
"url": "https://bugzilla.suse.com/1190758"
},
{
"category": "self",
"summary": "SUSE Bug 1190784",
"url": "https://bugzilla.suse.com/1190784"
},
{
"category": "self",
"summary": "SUSE Bug 1190785",
"url": "https://bugzilla.suse.com/1190785"
},
{
"category": "self",
"summary": "SUSE Bug 1191172",
"url": "https://bugzilla.suse.com/1191172"
},
{
"category": "self",
"summary": "SUSE Bug 1191193",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "self",
"summary": "SUSE Bug 1191240",
"url": "https://bugzilla.suse.com/1191240"
},
{
"category": "self",
"summary": "SUSE Bug 1191292",
"url": "https://bugzilla.suse.com/1191292"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3669 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3744 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3752 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3764 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40490 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40490/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-10-15T12:13:03Z",
"generator": {
"date": "2021-10-15T12:13:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1357-1",
"initial_release_date": "2021-10-15T12:13:03Z",
"revision_history": [
{
"date": "2021-10-15T12:13:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-devel-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-devel-5.3.18-lp152.95.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-docs-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-docs-5.3.18-lp152.95.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-docs-html-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-docs-html-5.3.18-lp152.95.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-macros-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-macros-5.3.18-lp152.95.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-source-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-source-5.3.18-lp152.95.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"product": {
"name": "kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"product_id": "kernel-source-vanilla-5.3.18-lp152.95.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-debug-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-debug-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-debug-devel-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-default-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-default-devel-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-kvmsmall-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-obs-build-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-obs-qa-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-preempt-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-preempt-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-preempt-devel-5.3.18-lp152.95.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-5.3.18-lp152.95.1.x86_64",
"product": {
"name": "kernel-syms-5.3.18-lp152.95.1.x86_64",
"product_id": "kernel-syms-5.3.18-lp152.95.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-debug-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-devel-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-docs-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-docs-html-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-macros-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-preempt-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-devel-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-source-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.3.18-lp152.95.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch"
},
"product_reference": "kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-5.3.18-lp152.95.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
},
"product_reference": "kernel-syms-5.3.18-lp152.95.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-3669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3669"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3669",
"url": "https://www.suse.com/security/cve/CVE-2021-3669"
},
{
"category": "external",
"summary": "SUSE Bug 1188986 for CVE-2021-3669",
"url": "https://bugzilla.suse.com/1188986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-3669"
},
{
"cve": "CVE-2021-3744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3744"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3744",
"url": "https://www.suse.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-3744"
},
{
"cve": "CVE-2021-3752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3752"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3752",
"url": "https://www.suse.com/security/cve/CVE-2021-3752"
},
{
"category": "external",
"summary": "SUSE Bug 1190023 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "external",
"summary": "SUSE Bug 1190432 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "important"
}
],
"title": "CVE-2021-3752"
},
{
"cve": "CVE-2021-3764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3764"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel\u0027s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3764",
"url": "https://www.suse.com/security/cve/CVE-2021-3764"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "external",
"summary": "SUSE Bug 1194518 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1194518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-3764"
},
{
"cve": "CVE-2021-40490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40490"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40490",
"url": "https://www.suse.com/security/cve/CVE-2021-40490"
},
{
"category": "external",
"summary": "SUSE Bug 1190159 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "external",
"summary": "SUSE Bug 1192775 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1192775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-15T12:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-40490"
}
]
}
OPENSUSE-SU-2021:1365-1
Vulnerability from csaf_opensuse - Published: 2021-10-18 12:11 - Updated: 2021-10-18 12:11Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP2 kernel was updated.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-1365
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 15 SP2 kernel was updated.\n\n\nThe following security bugs were fixed:\n\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)\n- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel\u0027s bluetooth module. (bsc#1190023)\n- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)\n- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)\n- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)\n- CVE-2021-3669: Fixed a bug that doesn\u0027t allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)\n\nThe following non-security bugs were fixed:\n\n- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).\n- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).\n- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).\n- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).\n- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).\n- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).\n- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).\n- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).\n- ath9k: fix sleeping in atomic context (git-fixes).\n- blk-mq: do not deactivate hctx if managed irq isn\u0027t used (bsc#1185762).\n- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).\n- blk-mq: mark if one queue map uses managed irq (bsc#1185762).\n- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).\n- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).\n- bnxt_en: Add missing DMA memory barriers (git-fixes).\n- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).\n- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).\n- bnxt_en: Store the running firmware version code (git-fixes).\n- bnxt: count Tx drops (git-fixes).\n- bnxt: disable napi before canceling DIM (git-fixes).\n- bnxt: do not lock the tx queue from napi poll (git-fixes).\n- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).\n- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).\n- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).\n- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).\n- console: consume APC, DM, DCS (git-fixes).\n- cuse: fix broken release (bsc#1190596).\n- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).\n- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).\n- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).\n- dmaengine: ioat: depends on !UML (git-fixes).\n- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).\n- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).\n- docs: Fix infiniband uverbs minor number (git-fixes).\n- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).\n- drm: avoid blocking in drm_clients_info\u0027s rcu section (git-fixes).\n- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).\n- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).\n- drm/amdgpu: Fix BUG_ON assert (git-fixes).\n- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).\n- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).\n- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).\n- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).\n- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).\n- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).\n- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).\n- erofs: fix up erofs_lookup tracepoint (git-fixes).\n- fbmem: do not allow too huge resolutions (git-fixes).\n- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).\n- fpga: machxo2-spi: Return an error on failure (git-fixes).\n- fuse: flush extending writes (bsc#1190595).\n- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).\n- genirq: add device_has_managed_msi_irq (bsc#1185762).\n- gpio: uniphier: Fix void functions to remove return value (git-fixes).\n- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).\n- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).\n- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).\n- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).\n- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).\n- hwmon: (tmp421) fix rounding for negative values (git-fixes).\n- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).\n- i40e: Add additional info to PHY type error (git-fixes).\n- i40e: Fix firmware LLDP agent related warning (git-fixes).\n- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).\n- i40e: Fix logic of disabling queues (git-fixes).\n- i40e: Fix queue-to-TC mapping on Tx (git-fixes).\n- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).\n- iavf: Set RSS LUT and key in reset handle path (git-fixes).\n- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).\n- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).\n- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).\n- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).\n- ice: Prevent probing virtual functions (git-fixes).\n- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).\n- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).\n- iomap: Fix negative assignment to unsigned sis-\u003epages in iomap_swapfile_activate (bsc#1190784).\n- ionic: cleanly release devlink instance (bsc#1167773).\n- ionic: count csum_none when offload enabled (bsc#1167773).\n- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).\n- ipc/util.c: use binary search for max_idx (bsc#1159886).\n- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).\n- ipvs: avoid expiring many connections from timer (bsc#1190467).\n- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).\n- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).\n- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).\n- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.\n- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.\n- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).\n- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.\n- libata: fix ata_host_start() (git-fixes).\n- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).\n- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).\n- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).\n- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).\n- mac80211: mesh: fix potentially unaligned access (git-fixes).\n- media: cedrus: Fix SUNXI tile size calculation (git-fixes).\n- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).\n- media: dib8000: rewrite the init prbs logic (git-fixes).\n- media: imx258: Limit the max analogue gain to 480 (git-fixes).\n- media: imx258: Rectify mismatch of VTS value (git-fixes).\n- media: rc-loopback: return number of emitters rather than error (git-fixes).\n- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).\n- media: uvc: do not do DMA on stack (git-fixes).\n- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).\n- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).\n- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).\n- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).\n- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).\n- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).\n- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).\n- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).\n- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).\n- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).\n- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).\n- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).\n- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).\n- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).\n- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).\n- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).\n- net/mlx5: Fix flow table chaining (git-fixes).\n- net/mlx5: Fix return value from tracer initialization (git-fixes).\n- net/mlx5: Unload device upon firmware fatal error (git-fixes).\n- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).\n- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).\n- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).\n- nfp: update ethtool reporting of pauseframe control (git-fixes).\n- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).\n- NFS: do not store \u0027struct cred *\u0027 in struct nfs_access_entry (bsc#1190746).\n- NFS: pass cred explicitly for access tests (bsc#1190746).\n- nvme: avoid race in shutdown namespace removal (bsc#1188067).\n- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).\n- parport: remove non-zero check on count (git-fixes).\n- PCI: aardvark: Fix checking for PIO status (git-fixes).\n- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).\n- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).\n- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).\n- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).\n- PCI: Add AMD GPU multi-function power dependencies (git-fixes).\n- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).\n- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).\n- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).\n- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).\n- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).\n- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).\n- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).\n- PM: EM: Increase energy calculation precision (git-fixes).\n- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).\n- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).\n- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).\n- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).\n- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).\n- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).\n- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).\n- powerpc/perf: Fix the check for SIAR value (bsc#1065729).\n- powerpc/perf: Use regs-\u003enip when SIAR is zero (bsc#1065729).\n- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).\n- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).\n- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).\n- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).\n- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).\n- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).\n- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).\n- pwm: img: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).\n- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).\n- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).\n- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).\n- regmap: fix page selection for noinc reads (git-fixes).\n- regmap: fix page selection for noinc writes (git-fixes).\n- regmap: fix the offset of register error log (git-fixes).\n- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).\n- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.\n- rpm/kernel-binary.spec: Use only non-empty certificates.\n- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can\u0027t use it for dependencies. The filesystem one has to be enough (boo#1184804).\n- rtc: rx8010: select REGMAP_I2C (git-fixes).\n- rtc: tps65910: Correct driver module alias (git-fixes).\n- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).\n- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).\n- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).\n- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).\n- scsi: fc: Add EDC ELS definition (bsc#1190576).\n- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).\n- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).\n- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).\n- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).\n- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).\n- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).\n- scsi: lpfc: Add EDC ELS support (bsc#1190576).\n- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).\n- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).\n- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).\n- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).\n- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).\n- scsi: lpfc: Add support for the CM framework (bsc#1190576).\n- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).\n- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).\n- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).\n- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).\n- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).\n- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).\n- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).\n- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).\n- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).\n- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).\n- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).\n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).\n- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).\n- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).\n- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).\n- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).\n- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).\n- scsi: lpfc: Remove unneeded variable (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).\n- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).\n- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).\n- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).\n- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).\n- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).\n- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).\n- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).\n- serial: mvebu-uart: fix driver\u0027s tx_empty callback (git-fixes).\n- serial: sh-sci: fix break handling for sysrq (git-fixes).\n- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).\n- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).\n- staging: ks7010: Fix the initialization of the \u0027sleep_status\u0027 structure (git-fixes).\n- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).\n- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).\n- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).\n- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).\n- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).\n- tty: synclink_gt, drop unneeded forward declarations (git-fixes).\n- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).\n- usb: core: hcd: Add support for deferring roothub registration (git-fixes).\n- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).\n- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).\n- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).\n- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).\n- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).\n- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).\n- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).\n- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).\n- usb: host: fotg210: fix the endpoint\u0027s transactional opportunities calculation (git-fixes).\n- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).\n- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).\n- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).\n- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).\n- usb: serial: option: add Telit LN920 compositions (git-fixes).\n- usb: serial: option: remove duplicate USB device ID (git-fixes).\n- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).\n- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).\n- video: fbdev: asiliantfb: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).\n- video: fbdev: riva: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).\n- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).\n- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).\n- vmxnet3: prepare for version 6 changes (bsc#1190406).\n- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).\n- vmxnet3: set correct hash type based on rss information (bsc#1190406).\n- vmxnet3: update to version 6 (bsc#1190406).\n- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).\n- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).\n- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).\n- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).\n- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).\n- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).\n- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).\n- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).\n- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).\n- xgene-v2: Fix a resource leak in the error handling path of \u0027xge_probe()\u0027 (git-fixes).\n- xhci: Set HCD flag to defer primary roothub registration (git-fixes).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1365",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1365-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1365-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JSK2K2OLYKIFCAMBX4QB7AGV6SKS3BTM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1365-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JSK2K2OLYKIFCAMBX4QB7AGV6SKS3BTM/"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1148868",
"url": "https://bugzilla.suse.com/1148868"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1159886",
"url": "https://bugzilla.suse.com/1159886"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1170774",
"url": "https://bugzilla.suse.com/1170774"
},
{
"category": "self",
"summary": "SUSE Bug 1173746",
"url": "https://bugzilla.suse.com/1173746"
},
{
"category": "self",
"summary": "SUSE Bug 1176940",
"url": "https://bugzilla.suse.com/1176940"
},
{
"category": "self",
"summary": "SUSE Bug 1184439",
"url": "https://bugzilla.suse.com/1184439"
},
{
"category": "self",
"summary": "SUSE Bug 1184804",
"url": "https://bugzilla.suse.com/1184804"
},
{
"category": "self",
"summary": "SUSE Bug 1185302",
"url": "https://bugzilla.suse.com/1185302"
},
{
"category": "self",
"summary": "SUSE Bug 1185677",
"url": "https://bugzilla.suse.com/1185677"
},
{
"category": "self",
"summary": "SUSE Bug 1185726",
"url": "https://bugzilla.suse.com/1185726"
},
{
"category": "self",
"summary": "SUSE Bug 1185762",
"url": "https://bugzilla.suse.com/1185762"
},
{
"category": "self",
"summary": "SUSE Bug 1187167",
"url": "https://bugzilla.suse.com/1187167"
},
{
"category": "self",
"summary": "SUSE Bug 1188067",
"url": "https://bugzilla.suse.com/1188067"
},
{
"category": "self",
"summary": "SUSE Bug 1188651",
"url": "https://bugzilla.suse.com/1188651"
},
{
"category": "self",
"summary": "SUSE Bug 1188986",
"url": "https://bugzilla.suse.com/1188986"
},
{
"category": "self",
"summary": "SUSE Bug 1189297",
"url": "https://bugzilla.suse.com/1189297"
},
{
"category": "self",
"summary": "SUSE Bug 1189841",
"url": "https://bugzilla.suse.com/1189841"
},
{
"category": "self",
"summary": "SUSE Bug 1189884",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "self",
"summary": "SUSE Bug 1190023",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "self",
"summary": "SUSE Bug 1190062",
"url": "https://bugzilla.suse.com/1190062"
},
{
"category": "self",
"summary": "SUSE Bug 1190115",
"url": "https://bugzilla.suse.com/1190115"
},
{
"category": "self",
"summary": "SUSE Bug 1190159",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "self",
"summary": "SUSE Bug 1190358",
"url": "https://bugzilla.suse.com/1190358"
},
{
"category": "self",
"summary": "SUSE Bug 1190406",
"url": "https://bugzilla.suse.com/1190406"
},
{
"category": "self",
"summary": "SUSE Bug 1190432",
"url": "https://bugzilla.suse.com/1190432"
},
{
"category": "self",
"summary": "SUSE Bug 1190467",
"url": "https://bugzilla.suse.com/1190467"
},
{
"category": "self",
"summary": "SUSE Bug 1190523",
"url": "https://bugzilla.suse.com/1190523"
},
{
"category": "self",
"summary": "SUSE Bug 1190534",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "self",
"summary": "SUSE Bug 1190543",
"url": "https://bugzilla.suse.com/1190543"
},
{
"category": "self",
"summary": "SUSE Bug 1190576",
"url": "https://bugzilla.suse.com/1190576"
},
{
"category": "self",
"summary": "SUSE Bug 1190595",
"url": "https://bugzilla.suse.com/1190595"
},
{
"category": "self",
"summary": "SUSE Bug 1190596",
"url": "https://bugzilla.suse.com/1190596"
},
{
"category": "self",
"summary": "SUSE Bug 1190598",
"url": "https://bugzilla.suse.com/1190598"
},
{
"category": "self",
"summary": "SUSE Bug 1190620",
"url": "https://bugzilla.suse.com/1190620"
},
{
"category": "self",
"summary": "SUSE Bug 1190626",
"url": "https://bugzilla.suse.com/1190626"
},
{
"category": "self",
"summary": "SUSE Bug 1190679",
"url": "https://bugzilla.suse.com/1190679"
},
{
"category": "self",
"summary": "SUSE Bug 1190705",
"url": "https://bugzilla.suse.com/1190705"
},
{
"category": "self",
"summary": "SUSE Bug 1190717",
"url": "https://bugzilla.suse.com/1190717"
},
{
"category": "self",
"summary": "SUSE Bug 1190746",
"url": "https://bugzilla.suse.com/1190746"
},
{
"category": "self",
"summary": "SUSE Bug 1190758",
"url": "https://bugzilla.suse.com/1190758"
},
{
"category": "self",
"summary": "SUSE Bug 1190784",
"url": "https://bugzilla.suse.com/1190784"
},
{
"category": "self",
"summary": "SUSE Bug 1190785",
"url": "https://bugzilla.suse.com/1190785"
},
{
"category": "self",
"summary": "SUSE Bug 1191172",
"url": "https://bugzilla.suse.com/1191172"
},
{
"category": "self",
"summary": "SUSE Bug 1191193",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "self",
"summary": "SUSE Bug 1191240",
"url": "https://bugzilla.suse.com/1191240"
},
{
"category": "self",
"summary": "SUSE Bug 1191292",
"url": "https://bugzilla.suse.com/1191292"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3669 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3744 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3752 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3764 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40490 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40490/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-10-18T12:11:59Z",
"generator": {
"date": "2021-10-18T12:11:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1365-1",
"initial_release_date": "2021-10-18T12:11:59Z",
"revision_history": [
{
"date": "2021-10-18T12:11:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kmod-25-lp152.8.3.1.i586",
"product": {
"name": "kmod-25-lp152.8.3.1.i586",
"product_id": "kmod-25-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "kmod-compat-25-lp152.8.3.1.i586",
"product": {
"name": "kmod-compat-25-lp152.8.3.1.i586",
"product_id": "kmod-compat-25-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libkmod-devel-25-lp152.8.3.1.i586",
"product": {
"name": "libkmod-devel-25-lp152.8.3.1.i586",
"product_id": "libkmod-devel-25-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libkmod2-25-lp152.8.3.1.i586",
"product": {
"name": "libkmod2-25-lp152.8.3.1.i586",
"product_id": "libkmod2-25-lp152.8.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kmod-bash-completion-25-lp152.8.3.1.noarch",
"product": {
"name": "kmod-bash-completion-25-lp152.8.3.1.noarch",
"product_id": "kmod-bash-completion-25-lp152.8.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kmod-25-lp152.8.3.1.x86_64",
"product": {
"name": "kmod-25-lp152.8.3.1.x86_64",
"product_id": "kmod-25-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kmod-compat-25-lp152.8.3.1.x86_64",
"product": {
"name": "kmod-compat-25-lp152.8.3.1.x86_64",
"product_id": "kmod-compat-25-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libkmod-devel-25-lp152.8.3.1.x86_64",
"product": {
"name": "libkmod-devel-25-lp152.8.3.1.x86_64",
"product_id": "libkmod-devel-25-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libkmod2-25-lp152.8.3.1.x86_64",
"product": {
"name": "libkmod2-25-lp152.8.3.1.x86_64",
"product_id": "libkmod2-25-lp152.8.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-25-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586"
},
"product_reference": "kmod-25-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-25-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64"
},
"product_reference": "kmod-25-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-bash-completion-25-lp152.8.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch"
},
"product_reference": "kmod-bash-completion-25-lp152.8.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-compat-25-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586"
},
"product_reference": "kmod-compat-25-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-compat-25-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64"
},
"product_reference": "kmod-compat-25-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libkmod-devel-25-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586"
},
"product_reference": "libkmod-devel-25-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libkmod-devel-25-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64"
},
"product_reference": "libkmod-devel-25-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libkmod2-25-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586"
},
"product_reference": "libkmod2-25-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libkmod2-25-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
},
"product_reference": "libkmod2-25-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-3669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3669"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3669",
"url": "https://www.suse.com/security/cve/CVE-2021-3669"
},
{
"category": "external",
"summary": "SUSE Bug 1188986 for CVE-2021-3669",
"url": "https://bugzilla.suse.com/1188986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-3669"
},
{
"cve": "CVE-2021-3744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3744"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3744",
"url": "https://www.suse.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-3744"
},
{
"cve": "CVE-2021-3752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3752"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3752",
"url": "https://www.suse.com/security/cve/CVE-2021-3752"
},
{
"category": "external",
"summary": "SUSE Bug 1190023 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "external",
"summary": "SUSE Bug 1190432 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "important"
}
],
"title": "CVE-2021-3752"
},
{
"cve": "CVE-2021-3764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3764"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel\u0027s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3764",
"url": "https://www.suse.com/security/cve/CVE-2021-3764"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "external",
"summary": "SUSE Bug 1194518 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1194518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-3764"
},
{
"cve": "CVE-2021-40490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40490"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40490",
"url": "https://www.suse.com/security/cve/CVE-2021-40490"
},
{
"category": "external",
"summary": "SUSE Bug 1190159 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "external",
"summary": "SUSE Bug 1192775 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1192775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:kmod-bash-completion-25-lp152.8.3.1.noarch",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:kmod-compat-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod-devel-25-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libkmod2-25-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-18T12:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2021-40490"
}
]
}
OPENSUSE-SU-2021:3338-1
Vulnerability from csaf_opensuse - Published: 2021-10-12 09:06 - Updated: 2021-10-12 09:06Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
Patchnames: openSUSE-SLE-15.3-2021-3338
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
87 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 kernel was updated.\n\nThe following security bugs were fixed:\n\n- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)\n- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel\u0027s bluetooth module. (bsc#1190023)\n- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)\n- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)\n- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)\n- CVE-2021-3669: Fixed a bug that doesn\u0027t allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)\n\nThe following non-security bugs were fixed:\n\n- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).\n- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).\n- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).\n- ASoC: Intel: Fix platform ID matching (git-fixes).\n- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).\n- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).\n- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).\n- ASoC: rt5682: Implement remove callback (git-fixes).\n- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).\n- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).\n- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).\n- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).\n- ath9k: fix sleeping in atomic context (git-fixes).\n- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).\n- bareudp: Fix invalid read beyond skb\u0027s linear data (jsc#SLE-15172).\n- blk-mq: do not deactivate hctx if managed irq isn\u0027t used (bsc#1185762).\n- blk-mq: do not deactivate hctx if managed irq isn\u0027t used (bsc#1185762).\n- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).\n- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).\n- blk-mq: mark if one queue map uses managed irq (bsc#1185762).\n- blk-mq: mark if one queue map uses managed irq (bsc#1185762).\n- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).\n- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).\n- bnxt_en: Add missing DMA memory barriers (git-fixes).\n- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).\n- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).\n- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).\n- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).\n- bnxt_en: Store the running firmware version code (git-fixes).\n- bnxt: count Tx drops (git-fixes).\n- bnxt: disable napi before canceling DIM (git-fixes).\n- bnxt: do not lock the tx queue from napi poll (git-fixes).\n- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).\n- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu\u0027s optstring (git-fixes).\n- bpf: Fix ringbuf helper function compatibility (git-fixes).\n- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).\n- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).\n- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).\n- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).\n- console: consume APC, DM, DCS (git-fixes).\n- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).\n- cuse: fix broken release (bsc#1190596).\n- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).\n- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).\n- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).\n- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).\n- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).\n- dmaengine: ioat: depends on !UML (git-fixes).\n- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).\n- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).\n- docs: Fix infiniband uverbs minor number (git-fixes).\n- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).\n- drm: avoid blocking in drm_clients_info\u0027s rcu section (git-fixes).\n- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).\n- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).\n- drm/amdgpu: Fix BUG_ON assert (git-fixes).\n- drm/ast: Fix missing conversions to managed API (git-fixes).\n- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).\n- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).\n- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).\n- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).\n- drm/mgag200: Select clock in PLL update functions (git-fixes).\n- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).\n- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).\n- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).\n- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).\n- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).\n- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).\n- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).\n- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).\n- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).\n- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).\n- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).\n- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).\n- erofs: fix up erofs_lookup tracepoint (git-fixes).\n- fbmem: do not allow too huge resolutions (git-fixes).\n- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).\n- fpga: machxo2-spi: Return an error on failure (git-fixes).\n- fuse: flush extending writes (bsc#1190595).\n- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).\n- genirq: add device_has_managed_msi_irq (bsc#1185762).\n- genirq: add device_has_managed_msi_irq (bsc#1185762).\n- gpio: uniphier: Fix void functions to remove return value (git-fixes).\n- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).\n- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).\n- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).\n- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).\n- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).\n- hwmon: (tmp421) fix rounding for negative values (git-fixes).\n- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).\n- i40e: Add additional info to PHY type error (git-fixes).\n- i40e: Fix firmware LLDP agent related warning (git-fixes).\n- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).\n- i40e: Fix logic of disabling queues (git-fixes).\n- i40e: Fix queue-to-TC mapping on Tx (git-fixes).\n- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).\n- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).\n- iavf: Set RSS LUT and key in reset handle path (git-fixes).\n- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).\n- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).\n- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).\n- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).\n- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).\n- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).\n- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).\n- ice: do not abort devlink info if board identifier can\u0027t be found (jsc#SLE-12878).\n- ice: do not remove netdev-\u003edev_addr from uc sync list (git-fixes).\n- ice: Prevent probing virtual functions (git-fixes).\n- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).\n- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).\n- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).\n- iomap: Fix negative assignment to unsigned sis-\u003epages in iomap_swapfile_activate (bsc#1190784).\n- ionic: cleanly release devlink instance (bsc#1167773).\n- ionic: cleanly release devlink instance (bsc#1167773).\n- ionic: count csum_none when offload enabled (bsc#1167773).\n- ionic: drop useless check of PCI driver data validity (bsc#1167773).\n- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).\n- ipc/util.c: use binary search for max_idx (bsc#1159886).\n- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).\n- ipvs: avoid expiring many connections from timer (bsc#1190467).\n- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).\n- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).\n- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).\n- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).\n- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.\n- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.\n- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.\n- libata: fix ata_host_start() (git-fixes).\n- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).\n- libbpf: Fix the possible memory leak on error (git-fixes).\n- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).\n- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).\n- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).\n- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).\n- mac80211: mesh: fix potentially unaligned access (git-fixes).\n- media: cedrus: Fix SUNXI tile size calculation (git-fixes).\n- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).\n- media: dib8000: rewrite the init prbs logic (git-fixes).\n- media: imx258: Limit the max analogue gain to 480 (git-fixes).\n- media: imx258: Rectify mismatch of VTS value (git-fixes).\n- media: rc-loopback: return number of emitters rather than error (git-fixes).\n- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).\n- media: uvc: do not do DMA on stack (git-fixes).\n- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).\n- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).\n- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).\n- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).\n- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).\n- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).\n- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).\n- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).\n- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).\n- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).\n- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).\n- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).\n- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).\n- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).\n- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).\n- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).\n- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).\n- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).\n- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).\n- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).\n- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).\n- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).\n- net/mlx5: Fix flow table chaining (git-fixes).\n- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).\n- net/mlx5: Fix return value from tracer initialization (git-fixes).\n- net/mlx5: Unload device upon firmware fatal error (git-fixes).\n- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).\n- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).\n- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).\n- nfp: update ethtool reporting of pauseframe control (git-fixes).\n- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).\n- NFS: do not store \u0027struct cred *\u0027 in struct nfs_access_entry (bsc#1190746).\n- NFS: pass cred explicitly for access tests (bsc#1190746).\n- nvme-multipath: revalidate paths during rescan (bsc#1187211).\n- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).\n- nvme: avoid race in shutdown namespace removal (bsc#1188067).\n- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).\n- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).\n- optee: Fix memory leak when failing to register shm pages (git-fixes).\n- parport: remove non-zero check on count (git-fixes).\n- PCI: aardvark: Fix checking for PIO status (git-fixes).\n- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).\n- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).\n- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).\n- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).\n- PCI: Add AMD GPU multi-function power dependencies (git-fixes).\n- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).\n- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing \u0027ranges\u0027 (git-fixes).\n- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).\n- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).\n- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).\n- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).\n- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).\n- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).\n- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).\n- PM: EM: Increase energy calculation precision (git-fixes).\n- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).\n- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).\n- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).\n- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).\n- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).\n- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).\n- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).\n- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).\n- powerpc/perf: Fix the check for SIAR value (bsc#1065729).\n- powerpc/perf: Use regs-\u003enip when SIAR is zero (bsc#1065729).\n- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).\n- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).\n- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).\n- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).\n- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).\n- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).\n- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).\n- pwm: img: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).\n- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).\n- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).\n- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).\n- RDMA/hns: Fix QP\u0027s resp incomplete assignment (jsc#SLE-14777).\n- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).\n- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).\n- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).\n- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).\n- regmap: fix page selection for noinc reads (git-fixes).\n- regmap: fix page selection for noinc writes (git-fixes).\n- regmap: fix the offset of register error log (git-fixes).\n- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).\n- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.\n- rpm/kernel-binary.spec: Use only non-empty certificates.\n- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can\u0027t use it for dependencies. The filesystem one has to be enough (boo#1184804).\n- rtc: rx8010: select REGMAP_I2C (git-fixes).\n- rtc: tps65910: Correct driver module alias (git-fixes).\n- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).\n- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).\n- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).\n- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).\n- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).\n- scsi: fc: Add EDC ELS definition (bsc#1190576).\n- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).\n- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).\n- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).\n- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).\n- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).\n- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).\n- scsi: lpfc: Add EDC ELS support (bsc#1190576).\n- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).\n- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).\n- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).\n- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).\n- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).\n- scsi: lpfc: Add support for the CM framework (bsc#1190576).\n- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).\n- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).\n- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).\n- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).\n- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).\n- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).\n- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).\n- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).\n- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).\n- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).\n- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).\n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).\n- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).\n- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).\n- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).\n- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).\n- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).\n- scsi: lpfc: Remove unneeded variable (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).\n- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).\n- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).\n- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).\n- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).\n- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).\n- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).\n- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).\n- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).\n- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).\n- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).\n- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).\n- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).\n- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).\n- serial: mvebu-uart: fix driver\u0027s tx_empty callback (git-fixes).\n- serial: sh-sci: fix break handling for sysrq (git-fixes).\n- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).\n- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).\n- staging: ks7010: Fix the initialization of the \u0027sleep_status\u0027 structure (git-fixes).\n- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).\n- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).\n- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).\n- tools: bpf: Fix error in \u0027make -C tools/ bpf_install\u0027 (git-fixes).\n- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).\n- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).\n- tty: synclink_gt, drop unneeded forward declarations (git-fixes).\n- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).\n- usb: core: hcd: Add support for deferring roothub registration (git-fixes).\n- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).\n- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).\n- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).\n- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).\n- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).\n- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).\n- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).\n- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).\n- usb: host: fotg210: fix the endpoint\u0027s transactional opportunities calculation (git-fixes).\n- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).\n- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).\n- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).\n- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).\n- usb: serial: option: add Telit LN920 compositions (git-fixes).\n- usb: serial: option: remove duplicate USB device ID (git-fixes).\n- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).\n- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).\n- video: fbdev: asiliantfb: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).\n- video: fbdev: riva: Error out if \u0027pixclock\u0027 equals zero (git-fixes).\n- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).\n- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).\n- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).\n- vmxnet3: prepare for version 6 changes (bsc#1190406).\n- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).\n- vmxnet3: set correct hash type based on rss information (bsc#1190406).\n- vmxnet3: update to version 6 (bsc#1190406).\n- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).\n- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).\n- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).\n- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).\n- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).\n- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).\n- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).\n- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).\n- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).\n- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).\n- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).\n- xgene-v2: Fix a resource leak in the error handling path of \u0027xge_probe()\u0027 (git-fixes).\n- xhci: Set HCD flag to defer primary roothub registration (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-3338",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3338-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:3338-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H64LCXMISTZ7YB7R4ABO2Y73X23DJFXU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:3338-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H64LCXMISTZ7YB7R4ABO2Y73X23DJFXU/"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1148868",
"url": "https://bugzilla.suse.com/1148868"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1159886",
"url": "https://bugzilla.suse.com/1159886"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1170774",
"url": "https://bugzilla.suse.com/1170774"
},
{
"category": "self",
"summary": "SUSE Bug 1171688",
"url": "https://bugzilla.suse.com/1171688"
},
{
"category": "self",
"summary": "SUSE Bug 1173746",
"url": "https://bugzilla.suse.com/1173746"
},
{
"category": "self",
"summary": "SUSE Bug 1174003",
"url": "https://bugzilla.suse.com/1174003"
},
{
"category": "self",
"summary": "SUSE Bug 1176447",
"url": "https://bugzilla.suse.com/1176447"
},
{
"category": "self",
"summary": "SUSE Bug 1176940",
"url": "https://bugzilla.suse.com/1176940"
},
{
"category": "self",
"summary": "SUSE Bug 1177028",
"url": "https://bugzilla.suse.com/1177028"
},
{
"category": "self",
"summary": "SUSE Bug 1178134",
"url": "https://bugzilla.suse.com/1178134"
},
{
"category": "self",
"summary": "SUSE Bug 1184439",
"url": "https://bugzilla.suse.com/1184439"
},
{
"category": "self",
"summary": "SUSE Bug 1184804",
"url": "https://bugzilla.suse.com/1184804"
},
{
"category": "self",
"summary": "SUSE Bug 1185302",
"url": "https://bugzilla.suse.com/1185302"
},
{
"category": "self",
"summary": "SUSE Bug 1185550",
"url": "https://bugzilla.suse.com/1185550"
},
{
"category": "self",
"summary": "SUSE Bug 1185677",
"url": "https://bugzilla.suse.com/1185677"
},
{
"category": "self",
"summary": "SUSE Bug 1185726",
"url": "https://bugzilla.suse.com/1185726"
},
{
"category": "self",
"summary": "SUSE Bug 1185762",
"url": "https://bugzilla.suse.com/1185762"
},
{
"category": "self",
"summary": "SUSE Bug 1187211",
"url": "https://bugzilla.suse.com/1187211"
},
{
"category": "self",
"summary": "SUSE Bug 1188067",
"url": "https://bugzilla.suse.com/1188067"
},
{
"category": "self",
"summary": "SUSE Bug 1188418",
"url": "https://bugzilla.suse.com/1188418"
},
{
"category": "self",
"summary": "SUSE Bug 1188651",
"url": "https://bugzilla.suse.com/1188651"
},
{
"category": "self",
"summary": "SUSE Bug 1188986",
"url": "https://bugzilla.suse.com/1188986"
},
{
"category": "self",
"summary": "SUSE Bug 1189257",
"url": "https://bugzilla.suse.com/1189257"
},
{
"category": "self",
"summary": "SUSE Bug 1189297",
"url": "https://bugzilla.suse.com/1189297"
},
{
"category": "self",
"summary": "SUSE Bug 1189841",
"url": "https://bugzilla.suse.com/1189841"
},
{
"category": "self",
"summary": "SUSE Bug 1189884",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "self",
"summary": "SUSE Bug 1190023",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "self",
"summary": "SUSE Bug 1190062",
"url": "https://bugzilla.suse.com/1190062"
},
{
"category": "self",
"summary": "SUSE Bug 1190115",
"url": "https://bugzilla.suse.com/1190115"
},
{
"category": "self",
"summary": "SUSE Bug 1190138",
"url": "https://bugzilla.suse.com/1190138"
},
{
"category": "self",
"summary": "SUSE Bug 1190159",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "self",
"summary": "SUSE Bug 1190358",
"url": "https://bugzilla.suse.com/1190358"
},
{
"category": "self",
"summary": "SUSE Bug 1190406",
"url": "https://bugzilla.suse.com/1190406"
},
{
"category": "self",
"summary": "SUSE Bug 1190432",
"url": "https://bugzilla.suse.com/1190432"
},
{
"category": "self",
"summary": "SUSE Bug 1190467",
"url": "https://bugzilla.suse.com/1190467"
},
{
"category": "self",
"summary": "SUSE Bug 1190523",
"url": "https://bugzilla.suse.com/1190523"
},
{
"category": "self",
"summary": "SUSE Bug 1190534",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "self",
"summary": "SUSE Bug 1190543",
"url": "https://bugzilla.suse.com/1190543"
},
{
"category": "self",
"summary": "SUSE Bug 1190544",
"url": "https://bugzilla.suse.com/1190544"
},
{
"category": "self",
"summary": "SUSE Bug 1190561",
"url": "https://bugzilla.suse.com/1190561"
},
{
"category": "self",
"summary": "SUSE Bug 1190576",
"url": "https://bugzilla.suse.com/1190576"
},
{
"category": "self",
"summary": "SUSE Bug 1190595",
"url": "https://bugzilla.suse.com/1190595"
},
{
"category": "self",
"summary": "SUSE Bug 1190596",
"url": "https://bugzilla.suse.com/1190596"
},
{
"category": "self",
"summary": "SUSE Bug 1190598",
"url": "https://bugzilla.suse.com/1190598"
},
{
"category": "self",
"summary": "SUSE Bug 1190620",
"url": "https://bugzilla.suse.com/1190620"
},
{
"category": "self",
"summary": "SUSE Bug 1190626",
"url": "https://bugzilla.suse.com/1190626"
},
{
"category": "self",
"summary": "SUSE Bug 1190679",
"url": "https://bugzilla.suse.com/1190679"
},
{
"category": "self",
"summary": "SUSE Bug 1190705",
"url": "https://bugzilla.suse.com/1190705"
},
{
"category": "self",
"summary": "SUSE Bug 1190717",
"url": "https://bugzilla.suse.com/1190717"
},
{
"category": "self",
"summary": "SUSE Bug 1190746",
"url": "https://bugzilla.suse.com/1190746"
},
{
"category": "self",
"summary": "SUSE Bug 1190758",
"url": "https://bugzilla.suse.com/1190758"
},
{
"category": "self",
"summary": "SUSE Bug 1190784",
"url": "https://bugzilla.suse.com/1190784"
},
{
"category": "self",
"summary": "SUSE Bug 1190785",
"url": "https://bugzilla.suse.com/1190785"
},
{
"category": "self",
"summary": "SUSE Bug 1191172",
"url": "https://bugzilla.suse.com/1191172"
},
{
"category": "self",
"summary": "SUSE Bug 1191193",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "self",
"summary": "SUSE Bug 1191292",
"url": "https://bugzilla.suse.com/1191292"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3702 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3669 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3744 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3752 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3764 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40490 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40490/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-10-12T09:06:02Z",
"generator": {
"date": "2021-10-12T09:06:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:3338-1",
"initial_release_date": "2021-10-12T09:06:02Z",
"revision_history": [
{
"date": "2021-10-12T09:06:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.3.18-38.25.2.noarch",
"product": {
"name": "kernel-devel-azure-5.3.18-38.25.2.noarch",
"product_id": "kernel-devel-azure-5.3.18-38.25.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.3.18-38.25.2.noarch",
"product": {
"name": "kernel-source-azure-5.3.18-38.25.2.noarch",
"product_id": "kernel-source-azure-5.3.18-38.25.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "cluster-md-kmp-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "dlm-kmp-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "gfs2-kmp-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "kernel-azure-5.3.18-38.25.2.x86_64",
"product_id": "kernel-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.3.18-38.25.2.x86_64",
"product": {
"name": "kernel-azure-devel-5.3.18-38.25.2.x86_64",
"product_id": "kernel-azure-devel-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.3.18-38.25.2.x86_64",
"product": {
"name": "kernel-azure-extra-5.3.18-38.25.2.x86_64",
"product_id": "kernel-azure-extra-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.3.18-38.25.2.x86_64",
"product": {
"name": "kernel-azure-optional-5.3.18-38.25.2.x86_64",
"product_id": "kernel-azure-optional-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.3.18-38.25.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.3.18-38.25.1.x86_64",
"product_id": "kernel-syms-azure-5.3.18-38.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "kselftests-kmp-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "ocfs2-kmp-azure-5.3.18-38.25.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.3.18-38.25.2.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.3.18-38.25.2.x86_64",
"product_id": "reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "kernel-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64"
},
"product_reference": "kernel-azure-devel-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64"
},
"product_reference": "kernel-azure-extra-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64"
},
"product_reference": "kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64"
},
"product_reference": "kernel-azure-optional-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.3.18-38.25.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch"
},
"product_reference": "kernel-devel-azure-5.3.18-38.25.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.3.18-38.25.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch"
},
"product_reference": "kernel-source-azure-5.3.18-38.25.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.3.18-38.25.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.3.18-38.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-5.3.18-38.25.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
},
"product_reference": "reiserfs-kmp-azure-5.3.18-38.25.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3702"
}
],
"notes": [
{
"category": "general",
"text": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3702",
"url": "https://www.suse.com/security/cve/CVE-2020-3702"
},
{
"category": "external",
"summary": "SUSE Bug 1191193 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191193"
},
{
"category": "external",
"summary": "SUSE Bug 1191529 for CVE-2020-3702",
"url": "https://bugzilla.suse.com/1191529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "important"
}
],
"title": "CVE-2020-3702"
},
{
"cve": "CVE-2021-3669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3669"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3669",
"url": "https://www.suse.com/security/cve/CVE-2021-3669"
},
{
"category": "external",
"summary": "SUSE Bug 1188986 for CVE-2021-3669",
"url": "https://bugzilla.suse.com/1188986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-3669"
},
{
"cve": "CVE-2021-3744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3744"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3744",
"url": "https://www.suse.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-3744"
},
{
"cve": "CVE-2021-3752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3752"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3752",
"url": "https://www.suse.com/security/cve/CVE-2021-3752"
},
{
"category": "external",
"summary": "SUSE Bug 1190023 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190023"
},
{
"category": "external",
"summary": "SUSE Bug 1190432 for CVE-2021-3752",
"url": "https://bugzilla.suse.com/1190432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "important"
}
],
"title": "CVE-2021-3752"
},
{
"cve": "CVE-2021-3764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3764"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel\u0027s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3764",
"url": "https://www.suse.com/security/cve/CVE-2021-3764"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1190534"
},
{
"category": "external",
"summary": "SUSE Bug 1194518 for CVE-2021-3764",
"url": "https://bugzilla.suse.com/1194518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-3764"
},
{
"cve": "CVE-2021-40490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40490"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40490",
"url": "https://www.suse.com/security/cve/CVE-2021-40490"
},
{
"category": "external",
"summary": "SUSE Bug 1190159 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1190159"
},
{
"category": "external",
"summary": "SUSE Bug 1192775 for CVE-2021-40490",
"url": "https://bugzilla.suse.com/1192775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.25.2.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.25.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.25.2.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.25.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-12T09:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-40490"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…