{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\n\nThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758).\n- CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed.  (bnc#1124732).\n- CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735).\n- CVE-2019-6974: A use-after-free in the KVM device control API was fixed.  (bnc#1124728).\n- CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971).\n\nThe following non-security bugs were fixed:\n\n- 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).\n- 9p: clear dangling pointers in p9stat_free (bsc#1051510).\n- 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).\n- 9p/net: put a lower bound on msize (bsc#1051510).\n- acpi/nfit: Block function zero DSMs (bsc#1051510).\n- acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).\n- acpi/nfit: Fix command-supported detection (bsc#1051510).\n- acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662).\n- acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969).\n- ACPI: power: Skip duplicate power resource references in _PRx (bsc#1051510).\n- Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).\n- af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510).\n- alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).\n- alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510).\n- alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).\n- alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).\n- alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n- alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).\n- alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510).\n- alsa: hda - Serialize codec registrations (bsc#1122944).\n- alsa: hda - Use standard device registration for beep (bsc#1122944).\n- alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).\n- alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510).\n- alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).\n- amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927).\n- arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510).\n- arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510).\n- arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510).\n- arm/arm64: kvm:vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510).\n- arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510).\n- arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).\n- arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510).\n- arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).\n- arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).\n- arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510).\n- arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510).\n- ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n- ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).\n- ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04).\n- be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252).\n- blkdev: avoid migration stalls for blkdev pages (bsc#1084216).\n- blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).\n- block: break discard submissions into the user defined size (git-fixes).\n- block: cleanup __blkdev_issue_discard() (git-fixes).\n- block: do not deal with discard limit in blkdev_issue_discard() (git-fixes).\n- block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).\n- block: fix infinite loop if the device loses discard capability (git-fixes).\n- block: make sure discard bio is aligned with logical block size (git-fixes).\n- block: make sure writesame bio is aligned with logical block size (git-fixes).\n- block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes).\n- bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323).\n- bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).\n- bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323).\n- bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).\n- bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323).\n- bonding: update nest level on unlink (git-fixes).\n- bsg: allocate sense buffer if requested (bsc#1106811).\n- btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324).\n- can: bcm: check timer values before ktime conversion (bsc#1051510).\n- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510).\n- can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510).\n- cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).\n- char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).\n- checkstack.pl: fix for aarch64 (bsc#1051510).\n- cifs: add missing debug entries for kconfig options (bsc#1051510).\n- cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510).\n- cifs: add sha512 secmech (bsc#1051510).\n- cifs: Add support for reading attributes on SMB2+ (bsc#1051510).\n- cifs: Add support for writing attributes on SMB2+ (bsc#1051510).\n- cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).\n- cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510).\n- cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510).\n- cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n- cifs: fix return value for cifs_listxattr (bsc#1051510).\n- cifs: Fix separator when building path from dentry (bsc#1051510).\n- cifs: fix set info (bsc#1051510).\n- cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).\n- cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n- cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510).\n- cifs: hide unused functions (bsc#1051510).\n- cifs: hide unused functions (bsc#1051510).\n- cifs: implement v3.11 preauth integrity (bsc#1051510).\n- cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).\n- cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).\n- cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n- cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n- cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510).\n- cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).\n- cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510).\n- cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510).\n- cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n- clk: imx6q: reset exclusive gates on init (bsc#1051510).\n- clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).\n- clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510).\n- clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n- cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).\n- Cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).\n- crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510).\n- crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).\n- crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).\n- crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).\n- crypto: user - support incremental algorithm dumps (bsc#1120902).\n- dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510).\n- dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510).\n- dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).\n- dlm: possible memory leak on error path in create_lkb() (bsc#1051510).\n- dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).\n- dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n- dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).\n- dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).\n- dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510).\n- dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).\n- dm: call blk_queue_split() to impose device limits on bios (git-fixes).\n- dm: do not allow readahead to limit IO size (git-fixes).\n- dm thin: send event about thin-pool state change _after_ making it (git-fixes).\n- dm zoned: Fix target BIO completion handling (git-fixes).\n- Do not log expected error on DFS referral request (bsc#1051510).\n- driver core: Move async_synchronize_full call (bsc#1051510).\n- drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).\n- drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).\n- drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- drivers/sbus/char: add of_node_put() (bsc#1051510).\n- drivers/tty: add missing of_node_put() (bsc#1051510).\n- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n- drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722)\n- drm/i915/gvt: Fix mmap range check (bsc#1120902)\n- drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538).\n- drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n- drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902)\n- e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).\n- exportfs: do not read dentry after free (bsc#1051510).\n- ext4: Fix crash during online resizing (bsc#1122779).\n- fanotify: fix handling of events on child sub-directory (bsc#1122019).\n- fat: validate ->i_start before using (bsc#1051510).\n- fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).\n- fork: do not copy inconsistent signal handler state to child (bsc#1051510).\n- fork: record start_time late (git-fixes).\n- fork: unconditionally clear stack on fork (git-fixes).\n- fs/cifs: require sha512 (bsc#1051510).\n- gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510).\n- gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).\n- gpio: pl061: handle failed allocations (bsc#1051510).\n- gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).\n- gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n- gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04).\n- hfs: do not free node before using (bsc#1051510).\n- hfsplus: do not free node before using (bsc#1051510).\n- hfsplus: prevent btree data loss on root split (bsc#1051510).\n- hfs: prevent btree data loss on root split (bsc#1051510).\n- i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510).\n- i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662).\n- i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662).\n- i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662).\n- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n- ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04).\n- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n- ibmvnic: Increase maximum queue size limit (bsc#1121726).\n- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n- ide: pmac: add of_node_put() (bsc#1051510).\n- ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04).\n- input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510).\n- input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510).\n- input: raspberrypi-ts - fix link error (git-fixes).\n- input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n- input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).\n- input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510).\n- input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).\n- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n- ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n- ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).\n- ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).\n- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes).\n- ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n- ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12).\n- ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12).\n- ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04).\n- ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12).\n- ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).\n- ip: validate header length on virtual device xmit (networking-stable-19_01_04).\n- iscsi target: fix session creation failure handling (bsc#1051510).\n- isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).\n- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510).\n- kABI: fix xhci kABI stability (bsc#1119086).\n- kABI: protect struct sctp_association (kabi).\n- kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).\n- kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).\n- kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes).\n- kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).\n- kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155).\n- kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155).\n- kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155).\n- kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589).\n- kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).\n- kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n- lan78xx: Resolve issue with changing MAC address (bsc#1051510).\n- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n- lib/rbtree-test: lower default params (git-fixes).\n- lockd: fix access beyond unterminated strings in prints (git-fixes).\n- LSM: Check for NULL cred-security on free (bsc#1051510).\n- md: fix raid10 hang issue caused by barrier (git-fixes).\n- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510).\n- media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610).\n- media: v4l2-tpg: array index could become negative (bsc#1051510).\n- media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).\n- media: vb2: be sure to unlock mutex on errors (bsc#1051510).\n- media: vb2: vb2_mmap: move lock up (bsc#1051510).\n- media: vivid: fix error handling of kthread_run (bsc#1051510).\n- media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510).\n- media: vivid: set min width/height to a value > 0 (bsc#1051510).\n- mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510).\n- mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).\n- misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510).\n- misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n- misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510).\n- misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).\n- misc: sram: enable clock before registering regions (bsc#1051510).\n- misc: sram: fix resource leaks in probe error path (bsc#1051510).\n- misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).\n- misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).\n- mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).\n- mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).\n- mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).\n- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510).\n- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n- mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216).\n- mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216)\n- mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).\n- mm: migration: factor out code to compute expected number of page references (bsc#1084216).\n- Move the upstreamed HD-audio fix into sorted section\n- mpt3sas: check sense buffer before copying sense data (bsc#1106811).\n- neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12).\n- net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12).\n- net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n- net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04).\n- net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353).\n- net: hns3: add handling for big TX fragment (bsc#1104353 ).\n- net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353).\n- net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).\n- net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).\n- net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).\n- net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).\n- net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).\n- net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n- net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n- net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353).\n- net: macb: restart tx after tx used bit read (networking-stable-19_01_04).\n- net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12).\n- net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04).\n- net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).\n- net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12).\n- net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04).\n- netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).\n- net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03).\n- net/smc: fix TCP fallback socket release (networking-stable-19_01_04).\n- net: stmmac: Fix PCI module removal leak (git-fixes).\n- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03).\n- net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03).\n- net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04).\n- nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes).\n- nfsd: Fix an Oops in free_session() (git-fixes).\n- nfs: Fix a missed page unlock after pg_doio() (git-fixes).\n- NFS: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes).\n- NFSv4.1: Fix the r/wsize checking (git-fixes).\n- NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).\n- nvme-multipath: round-robin I/O policy (bsc#1110705).\n- omap2fb: Fix stack memory disclosure (bsc#1120902)\n- packet: Do not leak dev refcounts on error exit (git-fixes).\n- packet: validate address length if non-zero (networking-stable-19_01_04).\n- packet: validate address length (networking-stable-19_01_04).\n- PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n- phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n- platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510).\n- platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).\n- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510).\n- powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338).\n- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n- powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).\n- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n- powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121).\n- powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121).\n- powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338).\n- powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).\n- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n- powerpc/smp: Rework CPU topology construction (bsc#1109695).\n- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n- powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).\n- powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).\n- powerpc/tm: Fix comment (bsc#1118338).\n- powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n- powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).\n- powerpc/tm: Fix HTM documentation (bsc#1118338).\n- powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).\n- powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338).\n- powerpc/tm: Print 64-bits MSR (bsc#1118338).\n- powerpc/tm: Print scratch value (bsc#1118338).\n- powerpc/tm: Reformat comments (bsc#1118338).\n- powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n- powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338).\n- powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n- powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955).\n- powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).\n- powerpc/tm: Update function prototype comment (bsc#1118338).\n- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n- pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).\n- pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510).\n- pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).\n- pstore/ram: Do not treat empty buffers as valid (bsc#1051510).\n- ptp_kvm: probe for kvm guest availability (bsc#1098382).\n- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04).\n- qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).\n- qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301).\n- qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301).\n- qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).\n- qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04).\n- qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04).\n- qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04).\n- rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03).\n- RDMA/core: Fix unwinding flow in case of error to register device (bsc#1046306).\n- Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510).\n- rpm/release-projects: Add SUSE:Maintenance:* for MU kernels (bsc#1123317)\n- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12).\n- s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061).\n- sbus: char: add of_node_put() (bsc#1051510).\n- sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n- scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712).\n- scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985).\n- scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).\n- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04).\n- sctp: kfree_rcu asoc (networking-stable-18_12_12).\n- selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579).\n- selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).\n- selinux: fix GPF on invalid policy (bsc#1051510).\n- serial: imx: fix error handling in console_setup (bsc#1051510).\n- serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).\n- serial/sunsu: fix refcount leak (bsc#1051510).\n- serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510).\n- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes).\n- slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)).\n- smb3.1.1 dialect is no longer experimental (bsc#1051510).\n- smb311: Fix reconnect (bsc#1051510).\n- smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510).\n- smb3: allow stats which track session and share reconnects to be reset (bsc#1051510).\n- smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510).\n- smb3: check for and properly advertise directory lease support (bsc#1051510).\n- smb3: directory sync should not return an error (bsc#1051510).\n- smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510).\n- smb3: do not request leases in symlink creation and query (bsc#1051510).\n- smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510).\n- smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510).\n- smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).\n- smb3: Fix root directory when server returns inode number of zero (bsc#1051510).\n- smb3: fix various xid leaks (bsc#1051510).\n- smb3: Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510).\n- smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510).\n- smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510).\n- smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).\n- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510).\n- sunrpc: correct the computation for page_ptr when truncating (git-fixes).\n- sunrpc: Fix a potential race in xprt_connect() (git-fixes).\n- sunrpc: Fix leak of krb5p encode pages (git-fixes).\n- sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n- sunrpc: safely reallow resvport min/max inversion (git-fixes).\n- tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).\n- tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).\n- tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).\n- tcp: lack of available data can also cause TSO defer (git-fixes).\n- thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).\n- tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04).\n- tipc: fix a double kfree_skb() (networking-stable-19_01_04).\n- tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).\n- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).\n- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n- tty: Handle problem if line discipline does not have receive_buf (bsc#1051510).\n- tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n- tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510).\n- tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).\n- uart: Fix crash in uart_write and uart_put_char (bsc#1051510).\n- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902).\n- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).\n- usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902).\n- usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902).\n- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03).\n- usb: serial: option: add Fibocom NL678 series (bsc#1120902).\n- usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902).\n- usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902).\n- usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086).\n- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n- vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04).\n- virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03).\n- virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12).\n- vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04).\n- vt: invoke notifier on screen size change (bsc#1051510).\n- watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).\n- x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n- x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279).\n- x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).\n- x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279).\n- x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279).\n- x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279).\n- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279).\n- x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).\n- x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).\n- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279).\n- x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279).\n- x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).\n- x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).\n- x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n- xen: Fix x86 sched_clock() interface for xen (bsc#1098382).\n- xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854).\n- xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).\n- xprtrdma: Reset credit grant properly after a disconnect (git-fixes).\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-203","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0203-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2019:0203-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UIEBC5XKVMKKVG2FBX5VPRFS2CNKDSF3/#UIEBC5XKVMKKVG2FBX5VPRFS2CNKDSF3"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:0203-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UIEBC5XKVMKKVG2FBX5VPRFS2CNKDSF3/#UIEBC5XKVMKKVG2FBX5VPRFS2CNKDSF3"},{"category":"self","summary":"SUSE Bug 1046306","url":"https://bugzilla.suse.com/1046306"},{"category":"self","summary":"SUSE Bug 1050252","url":"https://bugzilla.suse.com/1050252"},{"category":"self","summary":"SUSE Bug 1051510","url":"https://bugzilla.suse.com/1051510"},{"category":"self","summary":"SUSE Bug 1054610","url":"https://bugzilla.suse.com/1054610"},{"category":"self","summary":"SUSE Bug 1055121","url":"https://bugzilla.suse.com/1055121"},{"category":"self","summary":"SUSE Bug 1056658","url":"https://bugzilla.suse.com/1056658"},{"category":"self","summary":"SUSE Bug 1056662","url":"https://bugzilla.suse.com/1056662"},{"category":"self","summary":"SUSE Bug 1084216","url":"https://bugzilla.suse.com/1084216"},{"category":"self","summary":"SUSE Bug 1086301","url":"https://bugzilla.suse.com/1086301"},{"category":"self","summary":"SUSE Bug 1086313","url":"https://bugzilla.suse.com/1086313"},{"category":"self","summary":"SUSE Bug 1086314","url":"https://bugzilla.suse.com/1086314"},{"category":"self","summary":"SUSE Bug 1086323","url":"https://bugzilla.suse.com/1086323"},{"category":"self","summary":"SUSE Bug 1087082","url":"https://bugzilla.suse.com/1087082"},{"category":"self","summary":"SUSE Bug 1087092","url":"https://bugzilla.suse.com/1087092"},{"category":"self","summary":"SUSE Bug 1098382","url":"https://bugzilla.suse.com/1098382"},{"category":"self","summary":"SUSE Bug 1098425","url":"https://bugzilla.suse.com/1098425"},{"category":"self","summary":"SUSE Bug 1104353","url":"https://bugzilla.suse.com/1104353"},{"category":"self","summary":"SUSE Bug 1106105","url":"https://bugzilla.suse.com/1106105"},{"category":"self","summary":"SUSE Bug 1106434","url":"https://bugzilla.suse.com/1106434"},{"category":"self","summary":"SUSE Bug 1106811","url":"https://bugzilla.suse.com/1106811"},{"category":"self","summary":"SUSE Bug 1108870","url":"https://bugzilla.suse.com/1108870"},{"category":"self","summary":"SUSE Bug 1109695","url":"https://bugzilla.suse.com/1109695"},{"category":"self","summary":"SUSE Bug 1110705","url":"https://bugzilla.suse.com/1110705"},{"category":"self","summary":"SUSE Bug 1111666","url":"https://bugzilla.suse.com/1111666"},{"category":"self","summary":"SUSE Bug 1113712","url":"https://bugzilla.suse.com/1113712"},{"category":"self","summary":"SUSE Bug 1113722","url":"https://bugzilla.suse.com/1113722"},{"category":"self","summary":"SUSE Bug 1114279","url":"https://bugzilla.suse.com/1114279"},{"category":"self","summary":"SUSE Bug 1117155","url":"https://bugzilla.suse.com/1117155"},{"category":"self","summary":"SUSE Bug 1118338","url":"https://bugzilla.suse.com/1118338"},{"category":"self","summary":"SUSE Bug 1118505","url":"https://bugzilla.suse.com/1118505"},{"category":"self","summary":"SUSE Bug 1119086","url":"https://bugzilla.suse.com/1119086"},{"category":"self","summary":"SUSE Bug 1119766","url":"https://bugzilla.suse.com/1119766"},{"category":"self","summary":"SUSE Bug 1120318","url":"https://bugzilla.suse.com/1120318"},{"category":"self","summary":"SUSE Bug 1120758","url":"https://bugzilla.suse.com/1120758"},{"category":"self","summary":"SUSE Bug 1120854","url":"https://bugzilla.suse.com/1120854"},{"category":"self","summary":"SUSE Bug 1120902","url":"https://bugzilla.suse.com/1120902"},{"category":"self","summary":"SUSE Bug 1120954","url":"https://bugzilla.suse.com/1120954"},{"category":"self","summary":"SUSE Bug 1120955","url":"https://bugzilla.suse.com/1120955"},{"category":"self","summary":"SUSE Bug 1121599","url":"https://bugzilla.suse.com/1121599"},{"category":"self","summary":"SUSE Bug 1121726","url":"https://bugzilla.suse.com/1121726"},{"category":"self","summary":"SUSE Bug 1121973","url":"https://bugzilla.suse.com/1121973"},{"category":"self","summary":"SUSE Bug 1122019","url":"https://bugzilla.suse.com/1122019"},{"category":"self","summary":"SUSE Bug 1122324","url":"https://bugzilla.suse.com/1122324"},{"category":"self","summary":"SUSE Bug 1122554","url":"https://bugzilla.suse.com/1122554"},{"category":"self","summary":"SUSE Bug 1122662","url":"https://bugzilla.suse.com/1122662"},{"category":"self","summary":"SUSE Bug 1122779","url":"https://bugzilla.suse.com/1122779"},{"category":"self","summary":"SUSE Bug 1122885","url":"https://bugzilla.suse.com/1122885"},{"category":"self","summary":"SUSE Bug 1122927","url":"https://bugzilla.suse.com/1122927"},{"category":"self","summary":"SUSE Bug 1122944","url":"https://bugzilla.suse.com/1122944"},{"category":"self","summary":"SUSE Bug 1122971","url":"https://bugzilla.suse.com/1122971"},{"category":"self","summary":"SUSE Bug 1123061","url":"https://bugzilla.suse.com/1123061"},{"category":"self","summary":"SUSE Bug 1123317","url":"https://bugzilla.suse.com/1123317"},{"category":"self","summary":"SUSE Bug 1123348","url":"https://bugzilla.suse.com/1123348"},{"category":"self","summary":"SUSE Bug 1123357","url":"https://bugzilla.suse.com/1123357"},{"category":"self","summary":"SUSE Bug 1123538","url":"https://bugzilla.suse.com/1123538"},{"category":"self","summary":"SUSE Bug 1123697","url":"https://bugzilla.suse.com/1123697"},{"category":"self","summary":"SUSE Bug 1123933","url":"https://bugzilla.suse.com/1123933"},{"category":"self","summary":"SUSE Bug 1124204","url":"https://bugzilla.suse.com/1124204"},{"category":"self","summary":"SUSE Bug 1124579","url":"https://bugzilla.suse.com/1124579"},{"category":"self","summary":"SUSE Bug 1124589","url":"https://bugzilla.suse.com/1124589"},{"category":"self","summary":"SUSE Bug 1124728","url":"https://bugzilla.suse.com/1124728"},{"category":"self","summary":"SUSE Bug 1124732","url":"https://bugzilla.suse.com/1124732"},{"category":"self","summary":"SUSE Bug 1124735","url":"https://bugzilla.suse.com/1124735"},{"category":"self","summary":"SUSE Bug 1124969","url":"https://bugzilla.suse.com/1124969"},{"category":"self","summary":"SUSE Bug 1124985","url":"https://bugzilla.suse.com/1124985"},{"category":"self","summary":"SUSE Bug 1125109","url":"https://bugzilla.suse.com/1125109"},{"category":"self","summary":"SUSE Bug 802154","url":"https://bugzilla.suse.com/802154"},{"category":"self","summary":"SUSE CVE CVE-2018-20669 page","url":"https://www.suse.com/security/cve/CVE-2018-20669/"},{"category":"self","summary":"SUSE CVE CVE-2019-3459 page","url":"https://www.suse.com/security/cve/CVE-2019-3459/"},{"category":"self","summary":"SUSE CVE CVE-2019-3460 page","url":"https://www.suse.com/security/cve/CVE-2019-3460/"},{"category":"self","summary":"SUSE CVE CVE-2019-6974 page","url":"https://www.suse.com/security/cve/CVE-2019-6974/"},{"category":"self","summary":"SUSE CVE CVE-2019-7221 page","url":"https://www.suse.com/security/cve/CVE-2019-7221/"},{"category":"self","summary":"SUSE CVE CVE-2019-7222 page","url":"https://www.suse.com/security/cve/CVE-2019-7222/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2019-03-23T11:04:58Z","generator":{"date":"2019-03-23T11:04:58Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:0203-1","initial_release_date":"2019-03-23T11:04:58Z","revision_history":[{"date":"2019-03-23T11:04:58Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-devel-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-devel-4.12.14-lp150.12.48.1.noarch"}},{"category":"product_version","name":"kernel-docs-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-docs-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-docs-4.12.14-lp150.12.48.1.noarch"}},{"category":"product_version","name":"kernel-docs-html-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-docs-html-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-docs-html-4.12.14-lp150.12.48.1.noarch"}},{"category":"product_version","name":"kernel-macros-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-macros-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-macros-4.12.14-lp150.12.48.1.noarch"}},{"category":"product_version","name":"kernel-source-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-source-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-source-4.12.14-lp150.12.48.1.noarch"}},{"category":"product_version","name":"kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","product":{"name":"kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","product_id":"kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"kernel-debug-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-debug-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-debug-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-debug-base-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-default-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-default-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-default-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-default-base-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-default-base-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-default-base-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-default-devel-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-obs-build-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-syms-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-syms-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-syms-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-vanilla-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64"}},{"category":"product_version","name":"kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64","product":{"name":"kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64","product_id":"kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.0","product":{"name":"openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.0"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-debug-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-debug-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-debug-base-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-default-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-default-base-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-devel-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-devel-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-docs-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-html-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-docs-html-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-macros-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-build-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-source-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch"},"product_reference":"kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-syms-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-vanilla-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"},"product_reference":"kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"}]},"vulnerabilities":[{"cve":"CVE-2018-20669","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-20669"}],"notes":[{"category":"general","text":"An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-20669","url":"https://www.suse.com/security/cve/CVE-2018-20669"},{"category":"external","summary":"SUSE Bug 1122971 for CVE-2018-20669","url":"https://bugzilla.suse.com/1122971"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"important"}],"title":"CVE-2018-20669"},{"cve":"CVE-2019-3459","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-3459"}],"notes":[{"category":"general","text":"A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-3459","url":"https://www.suse.com/security/cve/CVE-2019-3459"},{"category":"external","summary":"SUSE Bug 1120758 for CVE-2019-3459","url":"https://bugzilla.suse.com/1120758"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.6,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"moderate"}],"title":"CVE-2019-3459"},{"cve":"CVE-2019-3460","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-3460"}],"notes":[{"category":"general","text":"A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-3460","url":"https://www.suse.com/security/cve/CVE-2019-3460"},{"category":"external","summary":"SUSE Bug 1120758 for CVE-2019-3460","url":"https://bugzilla.suse.com/1120758"},{"category":"external","summary":"SUSE Bug 1155131 for CVE-2019-3460","url":"https://bugzilla.suse.com/1155131"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.6,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"moderate"}],"title":"CVE-2019-3460"},{"cve":"CVE-2019-6974","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-6974"}],"notes":[{"category":"general","text":"In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-6974","url":"https://www.suse.com/security/cve/CVE-2019-6974"},{"category":"external","summary":"SUSE Bug 1124728 for CVE-2019-6974","url":"https://bugzilla.suse.com/1124728"},{"category":"external","summary":"SUSE Bug 1124729 for CVE-2019-6974","url":"https://bugzilla.suse.com/1124729"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"moderate"}],"title":"CVE-2019-6974"},{"cve":"CVE-2019-7221","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-7221"}],"notes":[{"category":"general","text":"The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-7221","url":"https://www.suse.com/security/cve/CVE-2019-7221"},{"category":"external","summary":"SUSE Bug 1124732 for CVE-2019-7221","url":"https://bugzilla.suse.com/1124732"},{"category":"external","summary":"SUSE Bug 1124734 for CVE-2019-7221","url":"https://bugzilla.suse.com/1124734"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"moderate"}],"title":"CVE-2019-7221"},{"cve":"CVE-2019-7222","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-7222"}],"notes":[{"category":"general","text":"The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-7222","url":"https://www.suse.com/security/cve/CVE-2019-7222"},{"category":"external","summary":"SUSE Bug 1124735 for CVE-2019-7222","url":"https://bugzilla.suse.com/1124735"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.8,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.0"},"products":["openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.48.1.noarch","openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.48.1.x86_64","openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.48.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-03-23T11:04:58Z","details":"low"}],"title":"CVE-2019-7222"}]}