SUSE-SU-2023:4035-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4035-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4035-1
Related
Published
2023-10-10T14:42:43Z
Modified
2023-10-10T14:42:43Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
  • CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
  • CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
  • CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
  • CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
  • CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
  • CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
  • CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
  • CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
  • CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)

The following non-security bugs were fixed:

  • ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
  • arm64: module-plts: inline linux/moduleloader.h (git-fixes)
  • arm64: module: Use moduleinitlayout_section() to spot init sections (git-fixes)
  • arm64: sdei: abort running SDEI handlers during crash (git-fixes)
  • arm64: tegra: Update AHUB clock parent and rate (git-fixes)
  • arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
  • ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
  • ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
  • ASoC: imx-audmix: Fix return error with devmclkget() (git-fixes).
  • ASoC: meson: spdifin: start hw on dai probe (git-fixes).
  • ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
  • ASoC: rt5640: Fix sleep in atomic context (git-fixes).
  • ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
  • ASoC: soc-utils: Export sndsocdaiisdummy() symbol (git-fixes).
  • ASoC: SOF: core: Only call sofopsfree() on remove if the probe was successful (git-fixes).
  • ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
  • blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
  • blk-iocost: use spinlockirqsave in adjustinuseandcalccost (bsc#1214992).
  • block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
  • bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
  • clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
  • drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
  • Drivers: hv: vmbus: Bring the postmsgpage back for TDX VMs with the paravisor (bsc#1206453).
  • Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
  • Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
  • drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename astdevice to astprivate
  • drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename astdevice to astprivate * context changes
  • drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
  • drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
  • drm/virtio: Correct drmgemshmemgetsg_table() error handling (git-fixes).
  • drm/virtio: Use appropriate atomic state in virtiogpuplanecleanupfb() (git-fixes).
  • ext4: avoid potential data overflow in nextlineargroup (bsc#1214951).
  • ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
  • ext4: fix memory leaks in ext4fname{setupfilename,preparelookup} (bsc#1214954).
  • ext4: fix wrong unit use in ext4mbclear_bb (bsc#1214943).
  • ext4: fix wrong unit use in ext4mbnew_blocks (bsc#1214944).
  • ext4: get block from bh in ext4freeblocks for fast commit replay (bsc#1214942).
  • ext4: reflect error codes from ext4multimount_protect() to its callers (bsc#1214941).
  • ext4: Remove ext4 locking of moved directory (bsc#1214957).
  • ext4: set goal start correctly in ext4mbnormalize_request (bsc#1214940).
  • fs: Establish locking order for unrelated directories (bsc#1214958).
  • fs: Lock moved directories (bsc#1214959).
  • fs: lockd: avoid possible wrong NULL parameter (git-fixes).
  • fs: no need to check source (bsc#1215752).
  • fuse: nlookup missing decrement in fusedirentpluslink (bsc#1215581).
  • gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
  • gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
  • gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
  • gve: Changes to add new TX queues (bsc#1214479).
  • gve: Control path for DQO-QPL (bsc#1214479).
  • gve: fix frag_list chaining (bsc#1214479).
  • gve: Fix gve interrupt names (bsc#1214479).
  • gve: RX path for DQO-QPL (bsc#1214479).
  • gve: trivial spell fix Recive to Receive (bsc#1214479).
  • gve: Tx path for DQO-QPL (bsc#1214479).
  • gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
  • gve: use vmalloc_array and vcalloc (bsc#1214479).
  • gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
  • hwrng: virtio - add an internal buffer (git-fixes).
  • hwrng: virtio - always add a pending request (git-fixes).
  • hwrng: virtio - do not wait on cleanup (git-fixes).
  • hwrng: virtio - do not waste entropy (git-fixes).
  • hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
  • i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
  • iommu/virtio: Detach domain on endpoint release (git-fixes).
  • iommu/virtio: Return size mapped for a detached domain (git-fixes).
  • jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
  • jbd2: correct the end of the journal recovery scan range (bsc#1214955).
  • jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  • jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  • jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
  • jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  • jbd2: remove journalcleanonecplist() (bsc#1214947).
  • jbd2: remove tcheckpointio_list (bsc#1214946).
  • jbd2: restore tcheckpointio_list to maintain kABI (bsc#1214946).
  • kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
  • kernel-binary: python3 is needed for build At least scripts/bpfhelpersdoc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
  • KVM: s390: fix KVMS390GETCMMABITS for GFNs in memslot holes (git-fixes bsc#1215915).
  • KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
  • KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
  • KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
  • KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
  • KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
  • KVM: x86: Fix KVMCAPSYNCREGS's syncregs() TOCTOU issues (git-fixes).
  • KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
  • loop: Fix use-after-free issues (bsc#1214991).
  • loop: loopsetstatusfrominfo() check before assignment (bsc#1214990).
  • module: Expose moduleinitlayout_section() (git-fixes)
  • net: do not allow gsosize to be set to GSOBY_FRAGS (git-fixes).
  • net: mana: Add page pool for RX buffers (bsc#1214040).
  • net: mana: Configure hwc timeout from hardware (bsc#1214037).
  • net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  • NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
  • nfs/blocklayout: Use the passed in gfp flags (git-fixes).
  • NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  • NFSD: daaddrbody field missing in some GETDEVICEINFO replies (git-fixes).
  • nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
  • nfsd: Fix race to FREESTATEID and clrevoked (git-fixes).
  • NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
  • NFSv4: fix out path in _nfs4getacluncached (git-fixes).
  • NFSv4.2: fix error handling in nfs42procgetxattr (git-fixes).
  • NFSv4.2: fix handling of COPY ERROFFLOADNO_REQ (git-fixes).
  • NFSv4/pnfs: minor fix for cleanup path in nfs4getdevice_info (git-fixes).
  • nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
  • nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
  • nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
  • nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
  • nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
  • platform/x86: intelscuipc: Check status after timeout in busy_loop() (git-fixes).
  • platform/x86: intelscuipc: Check status upon timeout in ipcwaitfor_interrupt() (git-fixes).
  • platform/x86: intelscuipc: Do not override scu in intelscuipcdevsimple_command() (git-fixes).
  • platform/x86: intelscuipc: Fail IPC send if still busy (git-fixes).
  • pNFS: Fix assignment of xprtdata.cred (git-fixes).
  • powerpc/fadump: make iskdumpkernel() return false when fadump is active (bsc#1212639 ltc#202582).
  • printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
  • quota: add new helper dquot_active() (bsc#1214998).
  • quota: factor out dquotwritedquot() (bsc#1214995).
  • quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
  • quota: fix warning in dqgrab() (bsc#1214962).
  • quota: Properly disable quotas when adddquotref() fails (bsc#1214961).
  • quota: rename dquotactive() to inodequota_active() (bsc#1214997).
  • RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
  • scsi: lpfc: Early return after marking final NLPDROPPED flag in devloss_tmo (git-fixes).
  • scsi: lpfc: Fix the NULL vs ISERR() bug for debugfscreate_file() (git-fixes).
  • scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
  • scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
  • scsi: qla2xxx: Fix NULL vs ISERR() bug for debugfscreate_dir() (git-fixes).
  • scsi: qla2xxx: Use rawsmpprocessorid() instead of smpprocessor_id() (git-fixes).
  • scsi: storvsc: Handle additional SRB status values (git-fixes).
  • scsi: zfcp: Fix a double put in zfcpportenqueue() (git-fixes bsc#1215941).
  • selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
  • spi: Add TPM HW flow flag (bsc#1213534)
  • spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
  • spi: tegra210-quad: set half duplex flag (bsc#1213534)
  • SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
  • tpmtisspi: Add hardware wait polling (bsc#1213534)
  • uapi: stddef.h: Fix _DECLAREFLEX_ARRAY for C++ (git-fixes).
  • udf: Fix extension of the last extent in the file (bsc#1214964).
  • udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
  • udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
  • udf: Fix uninitialized array access for some pathnames (bsc#1214967).
  • Update metadata
  • usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
  • usb: ehci: move new member hascipec_bug into hole (git-fixes).
  • vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
  • vhost-scsi: unbreak any layout for response (git-fixes).
  • vhost: allow batching hint without size (git-fixes).
  • vhost: allow batching hint without size (git-fixes).
  • vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
  • vhost: handle error while adding split ranges to iotlb (git-fixes).
  • virtio_net: add checking sq is full inside xdp xmit (git-fixes).
  • virtionet: Fix probe failed when modprobe virtionet (git-fixes).
  • virtio_net: reorder some funcs (git-fixes).
  • virtio_net: separate the logic of checking whether sq is full (git-fixes).
  • virtioring: fix availwrapcounter in virtqueueadd_packed (git-fixes).
  • virtio-blk: set req->state to MQRQCOMPLETE after polling I/O is finished (git-fixes).
  • virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
  • virtio-net: fix race between set queues and probe (git-fixes).
  • virtio-net: set queues after driver_ok (git-fixes).
  • virtio-rng: make device ready before making request (git-fixes).
  • virtio: acknowledge all features before access (git-fixes).
  • vmcore: remove dependency with iskdumpkernel() for exporting vmcore (bsc#1212639 ltc#202582).
  • x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
  • x86/coco: Export cc_vendor (bsc#1206453).
  • x86/hyperv: Add hvwriteefer() for a TDX VM with the paravisor (bsc#1206453).
  • x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
  • x86/hyperv: Add missing 'inline' to hvsnpboot_ap() stub (bsc#1206453).
  • x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
  • x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
  • x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
  • x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
  • x86/hyperv: Fix undefined reference to isolationtypeensnp without CONFIGHYPERV (bsc#1206453).
  • x86/hyperv: Introduce a global variable hypervparavisorpresent (bsc#1206453).
  • x86/hyperv: Mark hvghcbterminate() as noreturn (bsc#1206453).
  • x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
  • x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
  • x86/hyperv: Remove hvisolationtypeensnp (bsc#1206453).
  • x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
  • x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
  • x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
  • x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
  • x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
  • x86/srso: Do not probe microcode in a guest (git-fixes).
  • x86/srso: Fix SBPB enablement for specrstackoverflow=off (git-fixes).
  • x86/srso: Fix srsoshowstate() side effect (git-fixes).
  • x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
  • xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
  • xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150500.13.21.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 15 SP5 / kernel-livepatch-SLE15-SP5-RT_Update_6

Package

Name
kernel-livepatch-SLE15-SP5-RT_Update_6
Purl
pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-150500.11.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-livepatch-5_14_21-150500_13_21-rt": "1-150500.11.3.1"
        }
    ]
}

SUSE:Real Time Module 15 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1"
        }
    ]
}

SUSE:Real Time Module 15 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1"
        }
    ]
}

SUSE:Real Time Module 15 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1"
        }
    ]
}

SUSE:Real Time Module 15 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt-livepatch": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-optional": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-livepatch-devel": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "reiserfs-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-extra": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "kselftests-kmp-rt": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-livepatch-devel": "5.14.21-150500.13.21.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt-livepatch": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-optional": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-livepatch-devel": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "reiserfs-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-extra": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "kselftests-kmp-rt": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-livepatch-devel": "5.14.21-150500.13.21.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt-livepatch": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-optional": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-livepatch-devel": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "reiserfs-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-extra": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "kselftests-kmp-rt": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-livepatch-devel": "5.14.21-150500.13.21.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt-livepatch": "5.14.21-150500.13.21.1",
            "dlm-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-optional": "5.14.21-150500.13.21.1",
            "kernel-rt_debug": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-devel": "5.14.21-150500.13.21.1",
            "ocfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-livepatch-devel": "5.14.21-150500.13.21.1",
            "gfs2-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-devel-rt": "5.14.21-150500.13.21.1",
            "reiserfs-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-extra": "5.14.21-150500.13.21.1",
            "kernel-rt-devel": "5.14.21-150500.13.21.1",
            "kselftests-kmp-rt": "5.14.21-150500.13.21.1",
            "cluster-md-kmp-rt": "5.14.21-150500.13.21.1",
            "kernel-rt_debug-vdso": "5.14.21-150500.13.21.1",
            "kernel-source-rt": "5.14.21-150500.13.21.1",
            "kernel-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-vdso": "5.14.21-150500.13.21.1",
            "kernel-syms-rt": "5.14.21-150500.13.21.1",
            "kernel-rt-livepatch-devel": "5.14.21-150500.13.21.1"
        }
    ]
}