{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)\n- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)\n- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)\n- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)\n- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)\n\nThe following non-security bugs were fixed:\n\n- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263).\n- alx: Fix an error handling path in 'alx_probe()' (git-fixes).\n- asm-generic/hyperv: Add missing function prototypes per -W1 warnings (bsc#1186071).\n- ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).\n- ASoC: max98088: fix ni clock divider calculation (git-fixes).\n- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).\n- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes).\n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).\n- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).\n- batman-adv: Avoid WARN_ON timing related checks (git-fixes).\n- be2net: Fix an error handling path in 'be_probe()' (git-fixes).\n- block: Discard page cache of zone reset target range (bsc#1187402).\n- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).\n- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).\n- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).\n- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028).\n- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).\n- bpfilter: Specify the log level for the kmsg message (bsc#1155518).\n- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).\n- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).\n- cfg80211: avoid double free of PMSR request (git-fixes).\n- cfg80211: make certificate generation more robust (git-fixes).\n- cgroup1: do not allow '\\n' in renaming (bsc#1187972).\n- clocksource/drivers/hyper-v: Handle sched_clock differences inline (bsc#1186071).\n- clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts (bsc#1186071).\n- clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature (bsc#1186071).\n- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).\n- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).\n- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).\n- cxgb4: fix wrong shift (git-fixes).\n- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).\n- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).\n- dax: Add an enum for specifying dax wakup mode (bsc#1187411).\n- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).\n- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).\n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).\n- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes).\n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).\n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).\n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).\n- drivers: hv: Create a consistent pattern for checking Hyper-V hypercall status (bsc#1186071).\n- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).\n- Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).\n- Drivers: hv: vmbus: Check for pending channel interrupts before taking a CPU offline (bsc#1186071).\n- Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071).\n- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1183682).\n- Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).\n- Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3 (bsc#1186071).\n- Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).\n- Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code (bsc#1186071).\n- Drivers: hv: vmbus: remove unused function (bsc#1186071).\n- Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).\n- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).\n- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).\n- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).\n- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).\n- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).\n- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).\n- drm: Fix use-after-free read in drm_getunique() (git-fixes).\n- drm: Lock pointer access in drm_master_release() (git-fixes).\n- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).\n- ethtool: strset: fix message length calculation (bsc#1176447).\n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).\n- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).\n- ext4: fix error code in ext4_commit_super (bsc#1187407).\n- ext4: fix memory leak in ext4_fill_super (bsc#1187409).\n- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).\n- fs: fix reporting supported extra file attributes for statx() (bsc#1187410).\n- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).\n- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).\n- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).\n- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).\n- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).\n- HID: hid-input: add mapping for emoji picker key (git-fixes).\n- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).\n- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).\n- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).\n- HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).\n- hv: hyperv.h: a few mundane typo fixes (bsc#1186071).\n- hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).\n- hv_netvsc: Add error handling while switching data path (bsc#1186071).\n- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (bsc#1186071).\n- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).\n- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).\n- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).\n- ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878).\n- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).\n- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.\n- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).\n- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).\n- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).\n- kyber: fix out of bounds access when preempted (bsc#1187403).\n- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).\n- media: mtk-mdp: Check return value of of_clk_get (git-fixes).\n- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).\n- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774).\n- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).\n- module: limit enabling module.sig_enforce (git-fixes).\n- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).\n- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).\n- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).\n- net/mlx5: Fix PBMC register mapping (git-fixes).\n- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).\n- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).\n- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).\n- net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).\n- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).\n- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).\n- net/nfc/rawsock.c: fix a permission check bug (git-fixes).\n- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).\n- net/x25: Return the correct errno code (git-fixes).\n- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).\n- netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).\n- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).\n- NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).\n- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).\n- nvmem: rmem: fix undefined reference to memremap (git-fixes).\n- ocfs2: fix data corruption by fallocate (bsc#1187412).\n- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).\n- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).\n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).\n- PCI: hv: Drop msi_controller structure (bsc#1186071).\n- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).\n- PCI: Mark TI C667X to avoid bus reset (git-fixes).\n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).\n- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes).\n- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).\n- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).\n- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).\n- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).\n- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).\n- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).\n- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)\n- Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).\n- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).\n- Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).\n- Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).\n- Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)\n- s390/dasd: add missing discipline function (git-fixes).\n- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).\n- sched/debug: Fix cgroup_path[] serialization (git-fixes)\n- sched/fair: Keep load_avg and load_sum synced (git-fixes)\n- scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).\n- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).\n- scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).\n- scsi: storvsc: Parameterize number hardware queues (bsc#1186071).\n- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).\n- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).\n- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).\n- spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).\n- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).\n- spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).\n- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).\n- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).\n- tracing: Correct the length check which causes memory corruption (git-fixes).\n- tracing: Do no increment trace_clock_global() by one (git-fixes).\n- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).\n- tracing: Do not stop recording comms if the trace file is being read (git-fixes).\n- tracing: Restructure trace_clock_global() to never block (git-fixes).\n- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).\n- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).\n- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).\n- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).\n- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).\n- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).\n- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).\n- USB: fix various gadget panics on 10gbps cabling (git-fixes).\n- USB: fix various gadget panics on 10gbps cabling (git-fixes).\n- USB: gadget: eem: fix wrong eem header operation (git-fixes).\n- USB: gadget: eem: fix wrong eem header operation (git-fixes).\n- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).\n- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).\n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).\n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).\n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).\n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).\n- video: hgafb: correctly handle card detect failure during probe (git-fixes).\n- video: hgafb: fix potential NULL pointer dereference (git-fixes).\n- vrf: fix maximum MTU (git-fixes).\n- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).\n- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134).\n- x86/hyper-v: Move hv_message_type to architecture neutral module\n- x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read (bsc#1186071).\n- x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait (bsc#1186071).\n- x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071).\n- x86/hyperv: remove unused linux/version.h header (bsc#1186071).\n- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).\n- xen-blkback: fix compatibility bug with single page rings (git-fixes).\n- xen-pciback: reconfigure also from backend watch handler (git-fixes).\n- xen-pciback: redo VF placement in the virtual topology (git-fixes).\n- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).\n- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-SLE-15.3-2021-2305","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2305-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2021:2305-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBGE5AIDX3NT46HPS2IYLFESAEFCTG6O/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2021:2305-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBGE5AIDX3NT46HPS2IYLFESAEFCTG6O/"},{"category":"self","summary":"SUSE Bug 1152489","url":"https://bugzilla.suse.com/1152489"},{"category":"self","summary":"SUSE Bug 1153274","url":"https://bugzilla.suse.com/1153274"},{"category":"self","summary":"SUSE Bug 1154353","url":"https://bugzilla.suse.com/1154353"},{"category":"self","summary":"SUSE Bug 1155518","url":"https://bugzilla.suse.com/1155518"},{"category":"self","summary":"SUSE Bug 1164648","url":"https://bugzilla.suse.com/1164648"},{"category":"self","summary":"SUSE Bug 1176447","url":"https://bugzilla.suse.com/1176447"},{"category":"self","summary":"SUSE Bug 1176774","url":"https://bugzilla.suse.com/1176774"},{"category":"self","summary":"SUSE Bug 1176919","url":"https://bugzilla.suse.com/1176919"},{"category":"self","summary":"SUSE Bug 1177028","url":"https://bugzilla.suse.com/1177028"},{"category":"self","summary":"SUSE Bug 1178134","url":"https://bugzilla.suse.com/1178134"},{"category":"self","summary":"SUSE Bug 1182470","url":"https://bugzilla.suse.com/1182470"},{"category":"self","summary":"SUSE Bug 1183682","url":"https://bugzilla.suse.com/1183682"},{"category":"self","summary":"SUSE Bug 1184212","url":"https://bugzilla.suse.com/1184212"},{"category":"self","summary":"SUSE Bug 1184685","url":"https://bugzilla.suse.com/1184685"},{"category":"self","summary":"SUSE Bug 1185486","url":"https://bugzilla.suse.com/1185486"},{"category":"self","summary":"SUSE Bug 1185675","url":"https://bugzilla.suse.com/1185675"},{"category":"self","summary":"SUSE Bug 1185677","url":"https://bugzilla.suse.com/1185677"},{"category":"self","summary":"SUSE Bug 1186071","url":"https://bugzilla.suse.com/1186071"},{"category":"self","summary":"SUSE Bug 1186206","url":"https://bugzilla.suse.com/1186206"},{"category":"self","summary":"SUSE Bug 1186666","url":"https://bugzilla.suse.com/1186666"},{"category":"self","summary":"SUSE Bug 1186949","url":"https://bugzilla.suse.com/1186949"},{"category":"self","summary":"SUSE Bug 1187171","url":"https://bugzilla.suse.com/1187171"},{"category":"self","summary":"SUSE Bug 1187263","url":"https://bugzilla.suse.com/1187263"},{"category":"self","summary":"SUSE Bug 1187356","url":"https://bugzilla.suse.com/1187356"},{"category":"self","summary":"SUSE Bug 1187402","url":"https://bugzilla.suse.com/1187402"},{"category":"self","summary":"SUSE Bug 1187403","url":"https://bugzilla.suse.com/1187403"},{"category":"self","summary":"SUSE Bug 1187404","url":"https://bugzilla.suse.com/1187404"},{"category":"self","summary":"SUSE Bug 1187407","url":"https://bugzilla.suse.com/1187407"},{"category":"self","summary":"SUSE Bug 1187408","url":"https://bugzilla.suse.com/1187408"},{"category":"self","summary":"SUSE Bug 1187409","url":"https://bugzilla.suse.com/1187409"},{"category":"self","summary":"SUSE Bug 1187410","url":"https://bugzilla.suse.com/1187410"},{"category":"self","summary":"SUSE Bug 1187411","url":"https://bugzilla.suse.com/1187411"},{"category":"self","summary":"SUSE Bug 1187412","url":"https://bugzilla.suse.com/1187412"},{"category":"self","summary":"SUSE Bug 1187413","url":"https://bugzilla.suse.com/1187413"},{"category":"self","summary":"SUSE Bug 1187452","url":"https://bugzilla.suse.com/1187452"},{"category":"self","summary":"SUSE Bug 1187554","url":"https://bugzilla.suse.com/1187554"},{"category":"self","summary":"SUSE Bug 1187595","url":"https://bugzilla.suse.com/1187595"},{"category":"self","summary":"SUSE Bug 1187601","url":"https://bugzilla.suse.com/1187601"},{"category":"self","summary":"SUSE Bug 1187795","url":"https://bugzilla.suse.com/1187795"},{"category":"self","summary":"SUSE Bug 1187867","url":"https://bugzilla.suse.com/1187867"},{"category":"self","summary":"SUSE Bug 1187883","url":"https://bugzilla.suse.com/1187883"},{"category":"self","summary":"SUSE Bug 1187886","url":"https://bugzilla.suse.com/1187886"},{"category":"self","summary":"SUSE Bug 1187927","url":"https://bugzilla.suse.com/1187927"},{"category":"self","summary":"SUSE Bug 1187972","url":"https://bugzilla.suse.com/1187972"},{"category":"self","summary":"SUSE Bug 1187980","url":"https://bugzilla.suse.com/1187980"},{"category":"self","summary":"SUSE CVE CVE-2021-0512 page","url":"https://www.suse.com/security/cve/CVE-2021-0512/"},{"category":"self","summary":"SUSE CVE CVE-2021-0605 page","url":"https://www.suse.com/security/cve/CVE-2021-0605/"},{"category":"self","summary":"SUSE CVE CVE-2021-33624 page","url":"https://www.suse.com/security/cve/CVE-2021-33624/"},{"category":"self","summary":"SUSE CVE CVE-2021-34693 page","url":"https://www.suse.com/security/cve/CVE-2021-34693/"},{"category":"self","summary":"SUSE CVE CVE-2021-3573 page","url":"https://www.suse.com/security/cve/CVE-2021-3573/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2021-07-13T11:02:02Z","generator":{"date":"2021-07-13T11:02:02Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2021:2305-1","initial_release_date":"2021-07-13T11:02:02Z","revision_history":[{"date":"2021-07-13T11:02:02Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-azure-5.3.18-38.11.1.noarch","product":{"name":"kernel-devel-azure-5.3.18-38.11.1.noarch","product_id":"kernel-devel-azure-5.3.18-38.11.1.noarch"}},{"category":"product_version","name":"kernel-source-azure-5.3.18-38.11.1.noarch","product":{"name":"kernel-source-azure-5.3.18-38.11.1.noarch","product_id":"kernel-source-azure-5.3.18-38.11.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"cluster-md-kmp-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"dlm-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"dlm-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"dlm-kmp-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"gfs2-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"gfs2-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"gfs2-kmp-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-azure-5.3.18-38.11.1.x86_64","product":{"name":"kernel-azure-5.3.18-38.11.1.x86_64","product_id":"kernel-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-azure-devel-5.3.18-38.11.1.x86_64","product":{"name":"kernel-azure-devel-5.3.18-38.11.1.x86_64","product_id":"kernel-azure-devel-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-azure-extra-5.3.18-38.11.1.x86_64","product":{"name":"kernel-azure-extra-5.3.18-38.11.1.x86_64","product_id":"kernel-azure-extra-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","product":{"name":"kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","product_id":"kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-azure-optional-5.3.18-38.11.1.x86_64","product":{"name":"kernel-azure-optional-5.3.18-38.11.1.x86_64","product_id":"kernel-azure-optional-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kernel-syms-azure-5.3.18-38.11.1.x86_64","product":{"name":"kernel-syms-azure-5.3.18-38.11.1.x86_64","product_id":"kernel-syms-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"kselftests-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"kselftests-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"kselftests-kmp-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"ocfs2-kmp-azure-5.3.18-38.11.1.x86_64"}},{"category":"product_version","name":"reiserfs-kmp-azure-5.3.18-38.11.1.x86_64","product":{"name":"reiserfs-kmp-azure-5.3.18-38.11.1.x86_64","product_id":"reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.3","product":{"name":"openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cluster-md-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"dlm-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"dlm-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"gfs2-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"gfs2-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-azure-devel-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-azure-devel-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-azure-extra-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-azure-extra-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-azure-optional-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-azure-optional-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-azure-5.3.18-38.11.1.noarch as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch"},"product_reference":"kernel-devel-azure-5.3.18-38.11.1.noarch","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-azure-5.3.18-38.11.1.noarch as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch"},"product_reference":"kernel-source-azure-5.3.18-38.11.1.noarch","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64"},"product_reference":"kernel-syms-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"kselftests-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"kselftests-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"ocfs2-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"reiserfs-kmp-azure-5.3.18-38.11.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"},"product_reference":"reiserfs-kmp-azure-5.3.18-38.11.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"}]},"vulnerabilities":[{"cve":"CVE-2021-0512","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-0512"}],"notes":[{"category":"general","text":"In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-0512","url":"https://www.suse.com/security/cve/CVE-2021-0512"},{"category":"external","summary":"SUSE Bug 1187595 for CVE-2021-0512","url":"https://bugzilla.suse.com/1187595"},{"category":"external","summary":"SUSE Bug 1187597 for CVE-2021-0512","url":"https://bugzilla.suse.com/1187597"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T11:02:02Z","details":"important"}],"title":"CVE-2021-0512"},{"cve":"CVE-2021-0605","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-0605"}],"notes":[{"category":"general","text":"In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-0605","url":"https://www.suse.com/security/cve/CVE-2021-0605"},{"category":"external","summary":"SUSE Bug 1187601 for CVE-2021-0605","url":"https://bugzilla.suse.com/1187601"},{"category":"external","summary":"SUSE Bug 1187687 for CVE-2021-0605","url":"https://bugzilla.suse.com/1187687"},{"category":"external","summary":"SUSE Bug 1188381 for CVE-2021-0605","url":"https://bugzilla.suse.com/1188381"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T11:02:02Z","details":"important"}],"title":"CVE-2021-0605"},{"cve":"CVE-2021-33624","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-33624"}],"notes":[{"category":"general","text":"In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-33624","url":"https://www.suse.com/security/cve/CVE-2021-33624"},{"category":"external","summary":"SUSE Bug 1187554 for CVE-2021-33624","url":"https://bugzilla.suse.com/1187554"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T11:02:02Z","details":"moderate"}],"title":"CVE-2021-33624"},{"cve":"CVE-2021-34693","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-34693"}],"notes":[{"category":"general","text":"net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-34693","url":"https://www.suse.com/security/cve/CVE-2021-34693"},{"category":"external","summary":"SUSE Bug 1187452 for CVE-2021-34693","url":"https://bugzilla.suse.com/1187452"},{"category":"external","summary":"SUSE Bug 1192868 for CVE-2021-34693","url":"https://bugzilla.suse.com/1192868"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T11:02:02Z","details":"moderate"}],"title":"CVE-2021-34693"},{"cve":"CVE-2021-3573","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3573"}],"notes":[{"category":"general","text":"A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3573","url":"https://www.suse.com/security/cve/CVE-2021-3573"},{"category":"external","summary":"SUSE Bug 1186666 for CVE-2021-3573","url":"https://bugzilla.suse.com/1186666"},{"category":"external","summary":"SUSE Bug 1187054 for CVE-2021-3573","url":"https://bugzilla.suse.com/1187054"},{"category":"external","summary":"SUSE Bug 1188172 for CVE-2021-3573","url":"https://bugzilla.suse.com/1188172"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-extra-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-azure-optional-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kernel-devel-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-source-azure-5.3.18-38.11.1.noarch","openSUSE Leap 15.3:kernel-syms-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-38.11.1.x86_64","openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-38.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T11:02:02Z","details":"important"}],"title":"CVE-2021-3573"}]}