{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).\n- CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).\n- CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812)\n- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n- CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).\n\nThe following non-security bugs were fixed:\n\n- ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).\n- ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes).\n- ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes).\n- ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes).\n- ACPI: sysfs: Prefer 'compatible' modalias (git-fixes).\n- ALSA: doc: Fix reference to mixart.rst (git-fixes).\n- ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).\n- ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes).\n- ALSA: hda: Add Cometlake-R PCI ID (git-fixes).\n- ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).\n- ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes).\n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).\n- ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes).\n- ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).\n- ALSA: hda/via: Add minimum mute flag (git-fixes).\n- ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes).\n- ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).\n- ALSA: pcm: One more dependency for hw constraints (bsc#1181014).\n- ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes).\n- ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014).\n- ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes).\n- ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014).\n- ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes).\n- ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes).\n- ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).\n- ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes).\n- ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes).\n- ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014).\n- ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014).\n- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489).\n- arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130).\n- arm64: pgtable: Fix pte_accessible() (bsc#1180130).\n- ASoC: ak4458: correct reset polarity (git-fixes).\n- ASoC: dapm: remove widget from dirty list on free (git-fixes).\n- ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).\n- ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).\n- Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes).\n- bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).\n- bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518).\n- bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518).\n- btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511).\n- btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237).\n- cachefiles: Drop superfluous readpages aops NULL check (git-fixes).\n- can: dev: prevent potential information leak in can_fill_info() (git-fixes).\n- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).\n- CDC-NCM: remove 'connected' log message (git-fixes).\n- clk: tegra30: Add hda clock default rates to clock driver (git-fixes).\n- crypto: asym_tpm: correct zero out potential secrets (git-fixes).\n- drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264).\n- drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848).\n- drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf:\n- drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes).\n- drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).\n- drm/amd/display: Avoid MST manager resource leak (git-fixes).\n- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).\n- drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes).\n- drm/amd/display: Do not double-buffer DTO adjustments (git-fixes).\n- drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).\n- drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes).\n- drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes).\n- drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).\n- drm/amd/display: Increase timeout for DP Disable (git-fixes).\n- drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes).\n- drm/amd/display: remove useless if/else (git-fixes).\n- drm/amd/display: Retry AUX write when fail occurs (git-fixes).\n- drm/amd/display: Stop if retimer is not available (git-fixes).\n- drm/amd/display: update nv1x stutter latencies (git-fixes).\n- drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).\n- drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes).\n- drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes).\n- drm/amdgpu: do not map BO in reserved region (git-fixes).\n- drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).\n- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).\n- drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes).\n- drm/amdgpu: fix build_coefficients() argument (git-fixes).\n- drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).\n- drm/amdgpu: increase atombios cmd timeout (git-fixes).\n- drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).\n- drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes).\n- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n- drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).\n- drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes).\n- drm/amdkfd: fix a memory leak issue (git-fixes).\n- drm/amdkfd: Fix leak in dmabuf import (git-fixes).\n- drm/amdkfd: fix restore worker race condition (git-fixes).\n- drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).\n- drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes).\n- drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472)\n- drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes).\n- drm/atomic: put state on error path (git-fixes).\n- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472)\n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).\n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).\n- drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)\n- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).\n- drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes).\n- drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes).\n- drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: \t* context changes\n- drm/gma500: fix double free of gma_connector (git-fixes).\n- drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes).\n- drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes).\n- drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).\n- drm/i915: Check for all subplatform bits (git-fixes).\n- drm/i915: clear the gpu reloc batch (git-fixes).\n- drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: \t* context changes\n- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes).\n- drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes).\n- drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes).\n- drm/i915: Filter wake_flags passed to default_wake_function (git-fixes).\n- drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes).\n- drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).\n- drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).\n- drm/i915/gt: Delay execlist processing for tgl (git-fixes).\n- drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes).\n- drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes).\n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes).\n- drm/i915/gvt: return error when failing to take the module reference (git-fixes).\n- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n- drm/i915: Handle max_bpc==16 (git-fixes).\n- drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes).\n- drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)\n- drm/mcde: Fix handling of platform_get_irq() error (git-fixes).\n- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).\n- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).\n- drm/msm/a6xx: fix a potential overflow issue (git-fixes).\n- drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).\n- drm/msm: add shutdown support for display platform_driver (git-fixes).\n- drm/msm: Disable preemption on all 5xx targets (git-fixes).\n- drm/msm/dpu: Add newline to printks (git-fixes).\n- drm/msm/dpu: Fix scale params in plane validation (git-fixes).\n- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n- drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes).\n- drm/msm: fix leaks if initialization fails (git-fixes).\n- drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).\n- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes).\n- drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes).\n- drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).\n- drm/nouveau/mmu: fix vram heap sizing (git-fixes).\n- drm/nouveau/nouveau: fix the start/end range for migration (git-fixes).\n- drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).\n- drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes).\n- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).\n- drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes).\n- drm/omap: fix incorrect lock state (git-fixes).\n- drm/omap: fix possible object reference leak (git-fixes).\n- drm/panfrost: add amlogic reset quirk callback (git-fixes).\n- drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes).\n- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472)\n- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n- drm/scheduler: Avoid accessing freed bad job (git-fixes).\n- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472)\n- drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).\n- drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes).\n- drm/sun4i: frontend: Rework a bit the phase data (git-fixes).\n- drm/sun4i: mixer: Extend regmap max_register (git-fixes).\n- drm/syncobj: Fix use-after-free (git-fixes).\n- drm/tegra: replace idr_init() by idr_init_base() (git-fixes).\n- drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes).\n- drm/ttm: fix eviction valuable range check (git-fixes).\n- drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)\n- drm/tve200: Fix handling of platform_get_irq() error (git-fixes).\n- drm/tve200: Stabilize enable/disable (git-fixes).\n- drm/vc4: drv: Add error handding for bind (git-fixes).\n- e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100).\n- ehci: fix EHCI host controller initialization sequence (git-fixes).\n- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n- Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ('kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.')\n- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).\n- floppy: reintroduce O_NDELAY fix (boo#1181018).\n- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).\n- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).\n- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).\n- futex: Remove needless goto's (bsc#1149032).\n- futex: Remove unused empty compat_exit_robust_list() (bsc#1149032).\n- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).\n- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).\n- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).\n- HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes).\n- HID: logitech-dj: add the G602 receiver (git-fixes).\n- HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes).\n- HID: multitouch: do not filter mice nodes (git-fixes).\n- HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes).\n- HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).\n- HID: wacom: Constify attribute_groups (git-fixes).\n- HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes).\n- HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).\n- HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes).\n- hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes).\n- i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).\n- i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).\n- ice: avoid premature Rx buffer reuse (jsc#SLE-7926).\n- ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926).\n- iio: ad5504: Fix setting power-down state (git-fixes).\n- iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).\n- iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217).\n- ionic: account for vlan tag len in rx buffer len (bsc#1167773).\n- kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).\n- kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)).\n- KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218).\n- KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545).\n- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).\n- leds: trigger: fix potential deadlock with libata (git-fixes).\n- lib/genalloc: fix the overflow when size is too big (git-fixes).\n- lockd: do not use interval-based rebinding over TCP (for-next).\n- mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes).\n- mac80211: do not drop tx nulldata packets on encrypted links (git-fixes).\n- md: fix a warning caused by a race between concurrent md_ioctl()s (for-next).\n- media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104).\n- media: dvb-usb: Fix use-after-free access (bsc#1181104).\n- media: rc: ensure that uevent can be read directly after rc device register (git-fixes).\n- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).\n- mmc: core: do not initialize block size from ext_csd if not present (git-fixes).\n- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).\n- mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).\n- mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)).\n- module: delay kobject uevent until after module init call (bsc#1178631).\n- mt7601u: fix kernel crash unplugging the device (git-fixes).\n- mt7601u: fix rx buffer refcounting (git-fixes).\n- net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111).\n- net/af_iucv: set correct sk_protocol for child sockets (git-fixes).\n- net: fix proc_fs init handling in af_packet and tls (bsc#1154353).\n- net: hns3: fix a phy loopback fail issue (bsc#1154353).\n- net: hns3: remove a misused pragma packed (bsc#1154353).\n- net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464).\n- net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes).\n- net/smc: cancel event worker during device removal (git-fixes).\n- net/smc: check for valid ib_client_data (git-fixes).\n- net/smc: fix cleanup for linkgroup setup failures (git-fixes).\n- net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes).\n- net/smc: fix dmb buffer shortage (git-fixes).\n- net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).\n- net/smc: fix sock refcounting in case of termination (git-fixes).\n- net/smc: fix valid DMBE buffer sizes (git-fixes).\n- net/smc: no peer ID in CLC decline for SMCD (git-fixes).\n- net/smc: remove freed buffer from list (git-fixes).\n- net/smc: reset sndbuf_desc if freed (git-fixes).\n- net/smc: set rx_off for SMCR explicitly (git-fixes).\n- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).\n- net/smc: transfer fasync_list in case of fallback (git-fixes).\n- net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next).\n- net: sunrpc: interpret the return value of kstrtou32 correctly (for-next).\n- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).\n- net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353).\n- NFC: fix possible resource leak (git-fixes).\n- NFC: fix resource leak when target index is invalid (git-fixes).\n- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next).\n- nfs_common: need lock during iterate through the list (for-next).\n- nfsd4: readdirplus shouldn't return parent of export (git-fixes).\n- nfsd: Fix message level for normal termination (for-next).\n- NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next).\n- NFS: nfs_igrab_and_active must first reference the superblock (for-next).\n- NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next).\n- NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).\n- NFS: switch nfsiod to be an UNBOUND workqueue (for-next).\n- NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next).\n- NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next).\n- nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161).\n- nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161).\n- platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes).\n- platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes).\n- platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes).\n- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes).\n- PM: hibernate: flush swap writer after marking (git-fixes).\n- pNFS: Mark layout for return if return-on-close was not sent (git-fixes).\n- powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).\n- powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702).\n- powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702).\n- powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702).\n- powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702).\n- power: vexpress: add suppress_bind_attrs to true (git-fixes).\n- prom_init: enable verbose prints (bsc#1178142 bsc#1180759).\n- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930).\n- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).\n- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).\n- Revert 'nfsd4: support change_attr_type attribute' (for-next).\n- Revive usb-audio Keep Interface mixer (bsc#1181014).\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).\n- s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).\n- s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914).\n- s390/dasd: fix list corruption of lcu list (git-fixes).\n- s390/dasd: fix list corruption of pavgroup group list (git-fixes).\n- s390/dasd: prevent inconsistent LCU device data (git-fixes).\n- s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes).\n- s390/qeth: consolidate online/offline code (git-fixes).\n- s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes).\n- s390/qeth: fix deadlock during recovery (git-fixes).\n- s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes).\n- s390/qeth: fix locking for discipline setup / removal (git-fixes).\n- s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).\n- scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252).\n- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891).\n- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891).\n- scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891).\n- scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891).\n- scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891).\n- scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).\n- scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).\n- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).\n- scsi: lpfc: Fix target reset failing (bsc#1180891).\n- scsi: lpfc: Fix vport create logging (bsc#1180891).\n- scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).\n- scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891).\n- scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891).\n- scsi: lpfc: Simplify bool comparison (bsc#1180891).\n- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).\n- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891).\n- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142).\n- scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355).\n- selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738).\n- selftests: net: fib_tests: remove duplicate log test (git-fixes).\n- selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851).\n- selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851).\n- selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851).\n- selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851).\n- selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851).\n- selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579).\n- selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851).\n- serial: mvebu-uart: fix tx lost characters at power off (git-fixes).\n- spi: cadence: cache reference clock rate during probe (git-fixes).\n- SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next).\n- sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next).\n- SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next).\n- timers: Preserve higher bits of expiration on index calculation (bsc#1181318).\n- timers: Use only bucket expiry for base->next_expiry value (bsc#1181318).\n- udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes).\n- USB: cdc-acm: blacklist another IR Droid device (git-fixes).\n- USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes).\n- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).\n- usb: dwc3: core: Properly default unspecified speed (git-fixes).\n- usb: dwc3: Update soft-reset wait polling rate (git-fixes).\n- USB: ehci: fix an interrupt calltrace error (git-fixes).\n- usb: gadget: aspeed: fix stop dma register setting (git-fixes).\n- usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes).\n- usb: gadget: enable super speed plus (git-fixes).\n- usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes).\n- usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes).\n- USB: serial: option: add LongSung M5710 module support (git-fixes).\n- USB: serial: option: add Quectel EM160R-GL (git-fixes).\n- usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes).\n- usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).\n- usb: udc: core: Use lock when write to soft_connect (git-fixes).\n- USB: usblp: fix DMA to stack (git-fixes).\n- vfio iommu: Add dma available capability (bsc#1179572 LTC#190110).\n- vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219).\n- vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220).\n- video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes).\n- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).\n- video: fbdev: pvr2fb: initialize variables (git-fixes).\n- video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).\n- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489).\n- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077).\n- x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).\n- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).\n- x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489).\n- x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489).\n- x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335).\n- xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).\n- xen/privcmd: allow fetching resource sizes (bsc#1065600).\n- xfs: show the proper user quota options (bsc#1181538).\n- xhci: make sure TRB is fully written before giving it to the controller (git-fixes).\n- xhci: tegra: Delay for disabling LFPS detector (git-fixes).\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2021-241","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0241-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2021:0241-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZRN6BW22C4S3GVCJVPHDT4HHTLVGVZE/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2021:0241-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZRN6BW22C4S3GVCJVPHDT4HHTLVGVZE/"},{"category":"self","summary":"SUSE Bug 1065600","url":"https://bugzilla.suse.com/1065600"},{"category":"self","summary":"SUSE Bug 1149032","url":"https://bugzilla.suse.com/1149032"},{"category":"self","summary":"SUSE Bug 1152472","url":"https://bugzilla.suse.com/1152472"},{"category":"self","summary":"SUSE Bug 1152489","url":"https://bugzilla.suse.com/1152489"},{"category":"self","summary":"SUSE Bug 1153274","url":"https://bugzilla.suse.com/1153274"},{"category":"self","summary":"SUSE Bug 1154353","url":"https://bugzilla.suse.com/1154353"},{"category":"self","summary":"SUSE Bug 1155518","url":"https://bugzilla.suse.com/1155518"},{"category":"self","summary":"SUSE Bug 1163930","url":"https://bugzilla.suse.com/1163930"},{"category":"self","summary":"SUSE Bug 1165545","url":"https://bugzilla.suse.com/1165545"},{"category":"self","summary":"SUSE Bug 1167773","url":"https://bugzilla.suse.com/1167773"},{"category":"self","summary":"SUSE Bug 1172355","url":"https://bugzilla.suse.com/1172355"},{"category":"self","summary":"SUSE Bug 1176395","url":"https://bugzilla.suse.com/1176395"},{"category":"self","summary":"SUSE Bug 1176831","url":"https://bugzilla.suse.com/1176831"},{"category":"self","summary":"SUSE Bug 1178142","url":"https://bugzilla.suse.com/1178142"},{"category":"self","summary":"SUSE Bug 1178631","url":"https://bugzilla.suse.com/1178631"},{"category":"self","summary":"SUSE Bug 1179142","url":"https://bugzilla.suse.com/1179142"},{"category":"self","summary":"SUSE Bug 1179396","url":"https://bugzilla.suse.com/1179396"},{"category":"self","summary":"SUSE Bug 1179508","url":"https://bugzilla.suse.com/1179508"},{"category":"self","summary":"SUSE Bug 1179509","url":"https://bugzilla.suse.com/1179509"},{"category":"self","summary":"SUSE Bug 1179567","url":"https://bugzilla.suse.com/1179567"},{"category":"self","summary":"SUSE Bug 1179572","url":"https://bugzilla.suse.com/1179572"},{"category":"self","summary":"SUSE Bug 1180130","url":"https://bugzilla.suse.com/1180130"},{"category":"self","summary":"SUSE Bug 1180264","url":"https://bugzilla.suse.com/1180264"},{"category":"self","summary":"SUSE Bug 1180412","url":"https://bugzilla.suse.com/1180412"},{"category":"self","summary":"SUSE Bug 1180759","url":"https://bugzilla.suse.com/1180759"},{"category":"self","summary":"SUSE Bug 1180765","url":"https://bugzilla.suse.com/1180765"},{"category":"self","summary":"SUSE Bug 1180809","url":"https://bugzilla.suse.com/1180809"},{"category":"self","summary":"SUSE Bug 1180812","url":"https://bugzilla.suse.com/1180812"},{"category":"self","summary":"SUSE Bug 1180848","url":"https://bugzilla.suse.com/1180848"},{"category":"self","summary":"SUSE Bug 1180889","url":"https://bugzilla.suse.com/1180889"},{"category":"self","summary":"SUSE Bug 1180891","url":"https://bugzilla.suse.com/1180891"},{"category":"self","summary":"SUSE Bug 1180971","url":"https://bugzilla.suse.com/1180971"},{"category":"self","summary":"SUSE Bug 1181014","url":"https://bugzilla.suse.com/1181014"},{"category":"self","summary":"SUSE Bug 1181018","url":"https://bugzilla.suse.com/1181018"},{"category":"self","summary":"SUSE Bug 1181077","url":"https://bugzilla.suse.com/1181077"},{"category":"self","summary":"SUSE Bug 1181104","url":"https://bugzilla.suse.com/1181104"},{"category":"self","summary":"SUSE Bug 1181148","url":"https://bugzilla.suse.com/1181148"},{"category":"self","summary":"SUSE Bug 1181158","url":"https://bugzilla.suse.com/1181158"},{"category":"self","summary":"SUSE Bug 1181161","url":"https://bugzilla.suse.com/1181161"},{"category":"self","summary":"SUSE Bug 1181169","url":"https://bugzilla.suse.com/1181169"},{"category":"self","summary":"SUSE Bug 1181203","url":"https://bugzilla.suse.com/1181203"},{"category":"self","summary":"SUSE Bug 1181217","url":"https://bugzilla.suse.com/1181217"},{"category":"self","summary":"SUSE Bug 1181218","url":"https://bugzilla.suse.com/1181218"},{"category":"self","summary":"SUSE Bug 1181219","url":"https://bugzilla.suse.com/1181219"},{"category":"self","summary":"SUSE Bug 1181220","url":"https://bugzilla.suse.com/1181220"},{"category":"self","summary":"SUSE Bug 1181237","url":"https://bugzilla.suse.com/1181237"},{"category":"self","summary":"SUSE Bug 1181318","url":"https://bugzilla.suse.com/1181318"},{"category":"self","summary":"SUSE Bug 1181335","url":"https://bugzilla.suse.com/1181335"},{"category":"self","summary":"SUSE Bug 1181346","url":"https://bugzilla.suse.com/1181346"},{"category":"self","summary":"SUSE Bug 1181349","url":"https://bugzilla.suse.com/1181349"},{"category":"self","summary":"SUSE Bug 1181425","url":"https://bugzilla.suse.com/1181425"},{"category":"self","summary":"SUSE Bug 1181494","url":"https://bugzilla.suse.com/1181494"},{"category":"self","summary":"SUSE Bug 1181504","url":"https://bugzilla.suse.com/1181504"},{"category":"self","summary":"SUSE Bug 1181511","url":"https://bugzilla.suse.com/1181511"},{"category":"self","summary":"SUSE Bug 1181538","url":"https://bugzilla.suse.com/1181538"},{"category":"self","summary":"SUSE Bug 1181584","url":"https://bugzilla.suse.com/1181584"},{"category":"self","summary":"SUSE CVE CVE-2020-25211 page","url":"https://www.suse.com/security/cve/CVE-2020-25211/"},{"category":"self","summary":"SUSE CVE CVE-2020-29568 page","url":"https://www.suse.com/security/cve/CVE-2020-29568/"},{"category":"self","summary":"SUSE CVE CVE-2020-29569 page","url":"https://www.suse.com/security/cve/CVE-2020-29569/"},{"category":"self","summary":"SUSE CVE CVE-2021-0342 page","url":"https://www.suse.com/security/cve/CVE-2021-0342/"},{"category":"self","summary":"SUSE CVE CVE-2021-20177 page","url":"https://www.suse.com/security/cve/CVE-2021-20177/"},{"category":"self","summary":"SUSE CVE CVE-2021-3347 page","url":"https://www.suse.com/security/cve/CVE-2021-3347/"},{"category":"self","summary":"SUSE CVE CVE-2021-3348 page","url":"https://www.suse.com/security/cve/CVE-2021-3348/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2021-02-05T15:14:38Z","generator":{"date":"2021-02-05T15:14:38Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2021:0241-1","initial_release_date":"2021-02-05T15:14:38Z","revision_history":[{"date":"2021-02-05T15:14:38Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-devel-5.3.18-lp152.63.1.noarch","product_id":"kernel-devel-5.3.18-lp152.63.1.noarch"}},{"category":"product_version","name":"kernel-docs-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-docs-5.3.18-lp152.63.1.noarch","product_id":"kernel-docs-5.3.18-lp152.63.1.noarch"}},{"category":"product_version","name":"kernel-docs-html-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-docs-html-5.3.18-lp152.63.1.noarch","product_id":"kernel-docs-html-5.3.18-lp152.63.1.noarch"}},{"category":"product_version","name":"kernel-macros-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-macros-5.3.18-lp152.63.1.noarch","product_id":"kernel-macros-5.3.18-lp152.63.1.noarch"}},{"category":"product_version","name":"kernel-source-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-source-5.3.18-lp152.63.1.noarch","product_id":"kernel-source-5.3.18-lp152.63.1.noarch"}},{"category":"product_version","name":"kernel-source-vanilla-5.3.18-lp152.63.1.noarch","product":{"name":"kernel-source-vanilla-5.3.18-lp152.63.1.noarch","product_id":"kernel-source-vanilla-5.3.18-lp152.63.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"kernel-debug-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-debug-5.3.18-lp152.63.1.x86_64","product_id":"kernel-debug-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-debug-devel-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-debug-devel-5.3.18-lp152.63.1.x86_64","product_id":"kernel-debug-devel-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-default-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-default-5.3.18-lp152.63.1.x86_64","product_id":"kernel-default-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","product":{"name":"kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","product_id":"kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"}},{"category":"product_version","name":"kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","product":{"name":"kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","product_id":"kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"}},{"category":"product_version","name":"kernel-default-devel-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-default-devel-5.3.18-lp152.63.1.x86_64","product_id":"kernel-default-devel-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","product_id":"kernel-kvmsmall-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","product_id":"kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-obs-build-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-obs-build-5.3.18-lp152.63.1.x86_64","product_id":"kernel-obs-build-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-obs-qa-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-obs-qa-5.3.18-lp152.63.1.x86_64","product_id":"kernel-obs-qa-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-preempt-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-preempt-5.3.18-lp152.63.1.x86_64","product_id":"kernel-preempt-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","product_id":"kernel-preempt-devel-5.3.18-lp152.63.1.x86_64"}},{"category":"product_version","name":"kernel-syms-5.3.18-lp152.63.1.x86_64","product":{"name":"kernel-syms-5.3.18-lp152.63.1.x86_64","product_id":"kernel-syms-5.3.18-lp152.63.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-debug-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-debug-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-debug-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-debug-devel-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-default-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"},"product_reference":"kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64"},"product_reference":"kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-default-devel-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-devel-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-docs-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-html-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-docs-html-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-macros-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-build-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-obs-build-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-qa-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-obs-qa-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-preempt-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-preempt-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-preempt-devel-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-source-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-5.3.18-lp152.63.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch"},"product_reference":"kernel-source-vanilla-5.3.18-lp152.63.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-5.3.18-lp152.63.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"},"product_reference":"kernel-syms-5.3.18-lp152.63.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2020-25211","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25211"}],"notes":[{"category":"general","text":"In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25211","url":"https://www.suse.com/security/cve/CVE-2020-25211"},{"category":"external","summary":"SUSE Bug 1176395 for CVE-2020-25211","url":"https://bugzilla.suse.com/1176395"},{"category":"external","summary":"SUSE Bug 1192356 for CVE-2020-25211","url":"https://bugzilla.suse.com/1192356"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"moderate"}],"title":"CVE-2020-25211"},{"cve":"CVE-2020-29568","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29568"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29568","url":"https://www.suse.com/security/cve/CVE-2020-29568"},{"category":"external","summary":"SUSE Bug 1179508 for CVE-2020-29568","url":"https://bugzilla.suse.com/1179508"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"moderate"}],"title":"CVE-2020-29568"},{"cve":"CVE-2020-29569","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29569"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29569","url":"https://www.suse.com/security/cve/CVE-2020-29569"},{"category":"external","summary":"SUSE Bug 1179509 for CVE-2020-29569","url":"https://bugzilla.suse.com/1179509"},{"category":"external","summary":"SUSE Bug 1180008 for CVE-2020-29569","url":"https://bugzilla.suse.com/1180008"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"important"}],"title":"CVE-2020-29569"},{"cve":"CVE-2021-0342","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-0342"}],"notes":[{"category":"general","text":"In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-0342","url":"https://www.suse.com/security/cve/CVE-2021-0342"},{"category":"external","summary":"SUSE Bug 1180812 for CVE-2021-0342","url":"https://bugzilla.suse.com/1180812"},{"category":"external","summary":"SUSE Bug 1180859 for CVE-2021-0342","url":"https://bugzilla.suse.com/1180859"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"important"}],"title":"CVE-2021-0342"},{"cve":"CVE-2021-20177","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-20177"}],"notes":[{"category":"general","text":"A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-20177","url":"https://www.suse.com/security/cve/CVE-2021-20177"},{"category":"external","summary":"SUSE Bug 1180765 for CVE-2021-20177","url":"https://bugzilla.suse.com/1180765"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"moderate"}],"title":"CVE-2021-20177"},{"cve":"CVE-2021-3347","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3347"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3347","url":"https://www.suse.com/security/cve/CVE-2021-3347"},{"category":"external","summary":"SUSE Bug 1181349 for CVE-2021-3347","url":"https://bugzilla.suse.com/1181349"},{"category":"external","summary":"SUSE Bug 1181553 for CVE-2021-3347","url":"https://bugzilla.suse.com/1181553"},{"category":"external","summary":"SUSE Bug 1190859 for CVE-2021-3347","url":"https://bugzilla.suse.com/1190859"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"important"}],"title":"CVE-2021-3347"},{"cve":"CVE-2021-3348","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3348"}],"notes":[{"category":"general","text":"nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3348","url":"https://www.suse.com/security/cve/CVE-2021-3348"},{"category":"external","summary":"SUSE Bug 1181504 for CVE-2021-3348","url":"https://bugzilla.suse.com/1181504"},{"category":"external","summary":"SUSE Bug 1181645 for CVE-2021-3348","url":"https://bugzilla.suse.com/1181645"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.63.1.lp152.8.21.1.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.63.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.63.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.63.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-02-05T15:14:38Z","details":"moderate"}],"title":"CVE-2021-3348"}]}