

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0515-1  
Rating: important  
References:

  * bsc#1108281
  * bsc#1177529
  * bsc#1209834
  * bsc#1212091
  * bsc#1215275
  * bsc#1215885
  * bsc#1216016
  * bsc#1216702
  * bsc#1217217
  * bsc#1217670
  * bsc#1217895
  * bsc#1217987
  * bsc#1217988
  * bsc#1217989
  * bsc#1218689
  * bsc#1218713
  * bsc#1218730
  * bsc#1218752
  * bsc#1218757
  * bsc#1218768
  * bsc#1218804
  * bsc#1218832
  * bsc#1218836
  * bsc#1218916
  * bsc#1218929
  * bsc#1218930
  * bsc#1218968
  * bsc#1219053
  * bsc#1219120
  * bsc#1219128
  * bsc#1219349
  * bsc#1219412
  * bsc#1219429
  * bsc#1219434
  * bsc#1219490
  * bsc#1219608

  
Cross-References:

  * CVE-2021-33631
  * CVE-2023-46838
  * CVE-2023-47233
  * CVE-2023-4921
  * CVE-2023-51042
  * CVE-2023-51043
  * CVE-2023-51780
  * CVE-2023-51782
  * CVE-2023-6040
  * CVE-2023-6356
  * CVE-2023-6535
  * CVE-2023-6536
  * CVE-2023-6915
  * CVE-2024-0340
  * CVE-2024-0565
  * CVE-2024-0641
  * CVE-2024-0775
  * CVE-2024-1085
  * CVE-2024-1086
  * CVE-2024-24860

  
CVSS scores:

  * CVE-2021-33631 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-33631 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-46838 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46838 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-47233 ( SUSE ):  4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-47233 ( NVD ):  4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4921 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4921 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51042 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51042 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51043 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51043 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51780 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51780 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51782 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-51782 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6040 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  * CVE-2023-6040 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6356 ( SUSE ):  6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6356 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6535 ( SUSE ):  6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6535 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6536 ( SUSE ):  6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6536 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6915 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6915 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-0340 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2024-0340 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-0565 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-0565 ( NVD ):  7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  * CVE-2024-0641 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-0641 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-0775 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2024-0775 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2024-1085 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-1085 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-1086 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-1086 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-24860 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-24860 ( NVD ):  5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 20 vulnerabilities and has 16 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

  * CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
    nft_setelem_catchall_deactivate() function (bsc#1219429).
  * CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
    component that could have been exploited to achieve local privilege
    escalation (bsc#1219434).
  * CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
    drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
  * CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
    because of a vcc_recvmsg race condition (bsc#1218730).
  * CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
    transmit fragment (bsc#1218836).
  * CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
    (bsc#1219412).
  * CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
    (bsc#1217988).
  * CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
    (bsc#1217989).
  * CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
    (bsc#1217987).
  * CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
    the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
  * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
    scheduler which could be exploited to achieve local privilege escalation
    (bsc#1215275).
  * CVE-2023-51043: Fixed use-after-free during a race condition between a
    nonblocking atomic commit and a driver unload in
    drivers/gpu/drm/drm_atomic.c (bsc#1219120).
  * CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
    that could allow a local user to cause an information leak problem while
    freeing the old quota file names before a potential failure (bsc#1219053).
  * CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
    new netfilter table, lack of a safeguard against invalid nf_tables family
    (pf) values within `nf_tables_newtable` function (bsc#1218752).
  * CVE-2024-0641: Fixed a denial of service vulnerability in
    tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
  * CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
    receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
  * CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
    lib/idr.c (bsc#1218804).
  * CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
    because of a rose_accept race condition (bsc#1218757).
  * CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
    (bsc#1218689).
  * CVE-2024-24860: Fixed a denial of service caused by a race condition in
    {min,max}_key_size_set() (bsc#1219608).

The following non-security bugs were fixed:

  * Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
  * bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
    (git-fixes).
  * bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
  * bcache: add code comments for bch_btree_node_get() and
    __bch_btree_node_alloc() (git-fixes).
  * bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
  * bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
  * bcache: check return value from btree_node_alloc_replacement() (git-fixes).
  * bcache: fixup btree_cache_wait list damage (git-fixes).
  * bcache: fixup init dirty data errors (git-fixes).
  * bcache: fixup lock c->root error (git-fixes).
  * bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
    fixes).
  * bcache: prevent potential division by zero error (git-fixes).
  * bcache: remove redundant assignment to variable cur_idx (git-fixes).
  * bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
    btree_gc_coalesce() (git-fixes).
  * bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
  * block: Fix kabi header include (bsc#1218929).
  * block: free the extended dev_t minor later (bsc#1218930).
  * clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
  * clocksource: disable watchdog checks on TSC when TSC is watchdog
    (bsc#1215885).
  * dm cache policy smq: ensure IO does not prevent cleaner policy progress
    (git-fixes).
  * dm cache: add cond_resched() to various workqueue loops (git-fixes).
  * dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
    fixes).
  * dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
  * dm crypt: avoid accessing uninitialized tasklet (git-fixes).
  * dm flakey: do not corrupt the zero page (git-fixes).
  * dm flakey: fix a crash with invalid table line (git-fixes).
  * dm flakey: fix logic when corrupting a bio (git-fixes).
  * dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
    (git-fixes).
  * dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
    (git-fixes).
  * dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
    fixes).
  * dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
  * dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
    fixes).
  * dm stats: check for and propagate alloc_percpu failure (git-fixes).
  * dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
    fixes).
  * dm thin metadata: check fail_io before using data_sm (git-fixes).
  * dm thin: add cond_resched() to various workqueue loops (git-fixes).
  * dm thin: fix deadlock when swapping to thin device (bsc#1177529).
  * dm verity: do not perform FEC for failed readahead IO (git-fixes).
  * dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
  * dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
  * dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
  * dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
  * dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
    (git-fixes).
  * dm-verity: align struct dm_verity_fec_io properly (git-fixes).
  * dm: add cond_resched() to dm_wq_work() (git-fixes).
  * dm: do not lock fs when the map is NULL during suspend or resume (git-
    fixes).
  * dm: do not lock fs when the map is NULL in process of resume (git-fixes).
  * dm: remove flush_scheduled_work() during local_exit() (git-fixes).
  * dm: send just one event on resize, not two (git-fixes).
  * doc/README.KSYMS: Add to repo.
  * hv_netvsc: rndis_filter needs to select NLS (git-fixes).
  * intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
  * kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
  * loop: suppress uevents while reconfiguring the device (git-fixes).
  * nbd: Fix debugfs_create_dir error checking (git-fixes).
  * nbd: fix incomplete validation of ioctl arg (git-fixes).
  * nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
  * nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
  * nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
  * null_blk: Always check queue mode setting from configfs (git-fixes).
  * powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
    IOV device (bsc#1212091 ltc#199106 git-fixes).
  * rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-
    fixes).
  * rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
  * rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
  * rbd: get snapshot context after exclusive lock is ensured to be held (git-
    fixes).
  * rbd: harden get_lock_owner_info() a bit (git-fixes).
  * rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
  * rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
  * rbd: move rbd_dev_refresh() definition (git-fixes).
  * rbd: prevent busy loop when requesting exclusive lock (git-fixes).
  * rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
  * rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
  * sched/isolation: add cpu_is_isolated() API (bsc#1217895).
  * scsi: ibmvfc: Implement channel queue depth and event buffer accounting
    (bsc#1209834 ltc#202097).
  * scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
    ltc#202097).
  * trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
  * vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-515=1

  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-515=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-515=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-515=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-515=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-515=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2024-515=1

  * openSUSE Leap Micro 5.3  
    zypper in -t patch openSUSE-Leap-Micro-5.3-2024-515=1

  * openSUSE Leap Micro 5.4  
    zypper in -t patch openSUSE-Leap-Micro-5.4-2024-515=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1

  * SUSE Linux Enterprise Live Patching 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-515=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-515=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-515=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
    * kernel-64kb-devel-5.14.21-150400.24.108.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-debugsource-5.14.21-150400.24.108.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
    * kernel-default-extra-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
    * kernel-64kb-devel-5.14.21-150400.24.108.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-debugsource-5.14.21-150400.24.108.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
    x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1
  * SUSE Manager Proxy 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
  * SUSE Manager Proxy 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Manager Server 4.3 (ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Manager Server 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Manager Server 4.3 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.108.1
  * SUSE Manager Server 4.3 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-source-vanilla-5.14.21-150400.24.108.1
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-docs-html-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-debuginfo-5.14.21-150400.24.108.1
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-debug-livepatch-devel-5.14.21-150400.24.108.1
    * kernel-debug-devel-5.14.21-150400.24.108.1
    * kernel-debug-debugsource-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.108.1
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.108.1
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-kvmsmall-devel-5.14.21-150400.24.108.1
    * kernel-default-base-rebuild-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-livepatch-5.14.21-150400.24.108.1
    * kernel-default-optional-5.14.21-150400.24.108.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-optional-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-devel-5.14.21-150400.24.108.1
    * dlm-kmp-default-5.14.21-150400.24.108.1
    * kernel-default-extra-5.14.21-150400.24.108.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-obs-qa-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-5.14.21-150400.24.108.1
    * cluster-md-kmp-default-5.14.21-150400.24.108.1
    * ocfs2-kmp-default-5.14.21-150400.24.108.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.108.1
    * gfs2-kmp-default-5.14.21-150400.24.108.1
    * kselftests-kmp-default-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
    * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
    * kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
  * openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64)
    * dtb-altera-5.14.21-150400.24.108.1
    * dtb-amlogic-5.14.21-150400.24.108.1
    * dtb-nvidia-5.14.21-150400.24.108.1
    * dtb-xilinx-5.14.21-150400.24.108.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.108.1
    * kselftests-kmp-64kb-5.14.21-150400.24.108.1
    * dtb-apm-5.14.21-150400.24.108.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.108.1
    * dtb-lg-5.14.21-150400.24.108.1
    * gfs2-kmp-64kb-5.14.21-150400.24.108.1
    * dtb-qcom-5.14.21-150400.24.108.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
    * ocfs2-kmp-64kb-5.14.21-150400.24.108.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-devel-5.14.21-150400.24.108.1
    * dtb-allwinner-5.14.21-150400.24.108.1
    * dtb-hisilicon-5.14.21-150400.24.108.1
    * dtb-rockchip-5.14.21-150400.24.108.1
    * dlm-kmp-64kb-5.14.21-150400.24.108.1
    * dtb-freescale-5.14.21-150400.24.108.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * dtb-amazon-5.14.21-150400.24.108.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.108.1
    * dtb-broadcom-5.14.21-150400.24.108.1
    * dtb-renesas-5.14.21-150400.24.108.1
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-extra-5.14.21-150400.24.108.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * dtb-cavium-5.14.21-150400.24.108.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-optional-5.14.21-150400.24.108.1
    * dtb-apple-5.14.21-150400.24.108.1
    * dtb-marvell-5.14.21-150400.24.108.1
    * dtb-mediatek-5.14.21-150400.24.108.1
    * dtb-arm-5.14.21-150400.24.108.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * dtb-sprd-5.14.21-150400.24.108.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.108.1
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * dtb-exynos-5.14.21-150400.24.108.1
    * dtb-amd-5.14.21-150400.24.108.1
    * dtb-socionext-5.14.21-150400.24.108.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-debugsource-5.14.21-150400.24.108.1
  * openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.108.1
  * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * openSUSE Leap Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.108.1
    * kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
    * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
    * kernel-default-livepatch-5.14.21-150400.24.108.1
    * kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
    s390x x86_64)
    * ocfs2-kmp-default-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * gfs2-kmp-default-5.14.21-150400.24.108.1
    * cluster-md-kmp-default-5.14.21-150400.24.108.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * dlm-kmp-default-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    nosrc)
    * kernel-64kb-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
    * kernel-64kb-devel-5.14.21-150400.24.108.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-64kb-debugsource-5.14.21-150400.24.108.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
    * kernel-obs-build-5.14.21-150400.24.108.1
    * kernel-default-debugsource-5.14.21-150400.24.108.1
    * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
    * kernel-default-devel-5.14.21-150400.24.108.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.108.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
    * kernel-syms-5.14.21-150400.24.108.1
    * kernel-default-debuginfo-5.14.21-150400.24.108.1
    * reiserfs-kmp-default-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.108.1
    * kernel-macros-5.14.21-150400.24.108.1
    * kernel-devel-5.14.21-150400.24.108.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.108.1

## References:

  * https://www.suse.com/security/cve/CVE-2021-33631.html
  * https://www.suse.com/security/cve/CVE-2023-46838.html
  * https://www.suse.com/security/cve/CVE-2023-47233.html
  * https://www.suse.com/security/cve/CVE-2023-4921.html
  * https://www.suse.com/security/cve/CVE-2023-51042.html
  * https://www.suse.com/security/cve/CVE-2023-51043.html
  * https://www.suse.com/security/cve/CVE-2023-51780.html
  * https://www.suse.com/security/cve/CVE-2023-51782.html
  * https://www.suse.com/security/cve/CVE-2023-6040.html
  * https://www.suse.com/security/cve/CVE-2023-6356.html
  * https://www.suse.com/security/cve/CVE-2023-6535.html
  * https://www.suse.com/security/cve/CVE-2023-6536.html
  * https://www.suse.com/security/cve/CVE-2023-6915.html
  * https://www.suse.com/security/cve/CVE-2024-0340.html
  * https://www.suse.com/security/cve/CVE-2024-0565.html
  * https://www.suse.com/security/cve/CVE-2024-0641.html
  * https://www.suse.com/security/cve/CVE-2024-0775.html
  * https://www.suse.com/security/cve/CVE-2024-1085.html
  * https://www.suse.com/security/cve/CVE-2024-1086.html
  * https://www.suse.com/security/cve/CVE-2024-24860.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1108281
  * https://bugzilla.suse.com/show_bug.cgi?id=1177529
  * https://bugzilla.suse.com/show_bug.cgi?id=1209834
  * https://bugzilla.suse.com/show_bug.cgi?id=1212091
  * https://bugzilla.suse.com/show_bug.cgi?id=1215275
  * https://bugzilla.suse.com/show_bug.cgi?id=1215885
  * https://bugzilla.suse.com/show_bug.cgi?id=1216016
  * https://bugzilla.suse.com/show_bug.cgi?id=1216702
  * https://bugzilla.suse.com/show_bug.cgi?id=1217217
  * https://bugzilla.suse.com/show_bug.cgi?id=1217670
  * https://bugzilla.suse.com/show_bug.cgi?id=1217895
  * https://bugzilla.suse.com/show_bug.cgi?id=1217987
  * https://bugzilla.suse.com/show_bug.cgi?id=1217988
  * https://bugzilla.suse.com/show_bug.cgi?id=1217989
  * https://bugzilla.suse.com/show_bug.cgi?id=1218689
  * https://bugzilla.suse.com/show_bug.cgi?id=1218713
  * https://bugzilla.suse.com/show_bug.cgi?id=1218730
  * https://bugzilla.suse.com/show_bug.cgi?id=1218752
  * https://bugzilla.suse.com/show_bug.cgi?id=1218757
  * https://bugzilla.suse.com/show_bug.cgi?id=1218768
  * https://bugzilla.suse.com/show_bug.cgi?id=1218804
  * https://bugzilla.suse.com/show_bug.cgi?id=1218832
  * https://bugzilla.suse.com/show_bug.cgi?id=1218836
  * https://bugzilla.suse.com/show_bug.cgi?id=1218916
  * https://bugzilla.suse.com/show_bug.cgi?id=1218929
  * https://bugzilla.suse.com/show_bug.cgi?id=1218930
  * https://bugzilla.suse.com/show_bug.cgi?id=1218968
  * https://bugzilla.suse.com/show_bug.cgi?id=1219053
  * https://bugzilla.suse.com/show_bug.cgi?id=1219120
  * https://bugzilla.suse.com/show_bug.cgi?id=1219128
  * https://bugzilla.suse.com/show_bug.cgi?id=1219349
  * https://bugzilla.suse.com/show_bug.cgi?id=1219412
  * https://bugzilla.suse.com/show_bug.cgi?id=1219429
  * https://bugzilla.suse.com/show_bug.cgi?id=1219434
  * https://bugzilla.suse.com/show_bug.cgi?id=1219490
  * https://bugzilla.suse.com/show_bug.cgi?id=1219608

openSUSE: 2024:0515-1: important: the Linux Kernel Security Advisory Update

February 15, 2024

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes

Description

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). * CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). * CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). * CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). * CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). * CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). * CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). * CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). * CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). * CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). * CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). * CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). * CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). * CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). * CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). * CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). * CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). * CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: * Store the old kernel changelog entries in kernel-docs package (bsc#1218713). * bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). * bcache: Remove unnecessary NULL point check in node allocations (git-fixes). * bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). * bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). * bcache: avoid oversize memory allocation by small stripe_size (git-fixes). * bcache: check return value from btree_node_alloc_replacement() (git-fixes). * bcache: fixup btree_cache_wait list damage (git-fixes). * bcache: fixup init dirty data errors (git-fixes). * bcache: fixup lock c->root error (git-fixes). * bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git- fixes). * bcache: prevent potential division by zero error (git-fixes). * bcache: remove redundant assignment to variable cur_idx (git-fixes). * bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). * bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). * block: Fix kabi header include (bsc#1218929). * block: free the extended dev_t minor later (bsc#1218930). * clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217). * clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). * dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). * dm cache: add cond_resched() to various workqueue loops (git-fixes). * dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git- fixes). * dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). * dm crypt: avoid accessing uninitialized tasklet (git-fixes). * dm flakey: do not corrupt the zero page (git-fixes). * dm flakey: fix a crash with invalid table line (git-fixes). * dm flakey: fix logic when corrupting a bio (git-fixes). * dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). * dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). * dm integrity: reduce vmalloc space footprint on 32-bit architectures (git- fixes). * dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). * dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git- fixes). * dm stats: check for and propagate alloc_percpu failure (git-fixes). * dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git- fixes). * dm thin metadata: check fail_io before using data_sm (git-fixes). * dm thin: add cond_resched() to various workqueue loops (git-fixes). * dm thin: fix deadlock when swapping to thin device (bsc#1177529). * dm verity: do not perform FEC for failed readahead IO (git-fixes). * dm verity: fix error handling for check_at_most_once on FEC (git-fixes). * dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). * dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). * dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). * dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). * dm-verity: align struct dm_verity_fec_io properly (git-fixes). * dm: add cond_resched() to dm_wq_work() (git-fixes). * dm: do not lock fs when the map is NULL during suspend or resume (git- fixes). * dm: do not lock fs when the map is NULL in process of resume (git-fixes). * dm: remove flush_scheduled_work() during local_exit() (git-fixes). * dm: send just one event on resize, not two (git-fixes). * doc/README.KSYMS: Add to repo. * hv_netvsc: rndis_filter needs to select NLS (git-fixes). * intel_idle: add Emerald Rapids Xeon support (bsc#1216016). * kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). * loop: suppress uevents while reconfiguring the device (git-fixes). * nbd: Fix debugfs_create_dir error checking (git-fixes). * nbd: fix incomplete validation of ioctl arg (git-fixes). * nbd: use the correct block_device in nbd_bdev_reset (git-fixes). * nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). * nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). * null_blk: Always check queue mode setting from configfs (git-fixes). * powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR- IOV device (bsc#1212091 ltc#199106 git-fixes). * rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git- fixes). * rbd: decouple header read-in from updating rbd_dev->header (git-fixes). * rbd: decouple parent info read-in from updating rbd_dev (git-fixes). * rbd: get snapshot context after exclusive lock is ensured to be held (git- fixes). * rbd: harden get_lock_owner_info() a bit (git-fixes). * rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes). * rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes). * rbd: move rbd_dev_refresh() definition (git-fixes). * rbd: prevent busy loop when requesting exclusive lock (git-fixes). * rbd: retrieve and check lock owner twice before blocklisting (git-fixes). * rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes). * sched/isolation: add cpu_is_isolated() API (bsc#1217895). * scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). * scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). * trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). * vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). ## Special Instructions and Notes: * Please reboot the system after installing this update.

Patch

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-515=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-515=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-515=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-515=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-515=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-515=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-515=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-515=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-515=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-515=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-515=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-515=1

Package List

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.108.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-debugsource-5.14.21-150400.24.108.1 * kernel-64kb-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * reiserfs-kmp-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * kernel-default-extra-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.108.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-debugsource-5.14.21-150400.24.108.1 * kernel-64kb-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * reiserfs-kmp-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * reiserfs-kmp-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1 * SUSE Manager Proxy 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Manager Proxy 4.3 (x86_64) * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * SUSE Manager Proxy 4.3 (noarch) * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Manager Server 4.3 (ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Manager Server 4.3 (noarch) * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Manager Server 4.3 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.108.1 * SUSE Manager Server 4.3 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (noarch) * kernel-source-vanilla-5.14.21-150400.24.108.1 * kernel-source-5.14.21-150400.24.108.1 * kernel-docs-html-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debuginfo-5.14.21-150400.24.108.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.108.1 * kernel-debug-devel-5.14.21-150400.24.108.1 * kernel-debug-debugsource-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.108.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.108.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-kvmsmall-devel-5.14.21-150400.24.108.1 * kernel-default-base-rebuild-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-kvmsmall-debugsource-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150400.24.108.1 * kernel-default-optional-5.14.21-150400.24.108.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.108.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-devel-5.14.21-150400.24.108.1 * dlm-kmp-default-5.14.21-150400.24.108.1 * kernel-default-extra-5.14.21-150400.24.108.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-obs-qa-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * reiserfs-kmp-default-5.14.21-150400.24.108.1 * cluster-md-kmp-default-5.14.21-150400.24.108.1 * ocfs2-kmp-default-5.14.21-150400.24.108.1 * kernel-default-livepatch-devel-5.14.21-150400.24.108.1 * gfs2-kmp-default-5.14.21-150400.24.108.1 * kselftests-kmp-default-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1 * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1 * kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64) * dtb-altera-5.14.21-150400.24.108.1 * dtb-amlogic-5.14.21-150400.24.108.1 * dtb-nvidia-5.14.21-150400.24.108.1 * dtb-xilinx-5.14.21-150400.24.108.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.108.1 * kselftests-kmp-64kb-5.14.21-150400.24.108.1 * dtb-apm-5.14.21-150400.24.108.1 * reiserfs-kmp-64kb-5.14.21-150400.24.108.1 * dtb-lg-5.14.21-150400.24.108.1 * gfs2-kmp-64kb-5.14.21-150400.24.108.1 * dtb-qcom-5.14.21-150400.24.108.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1 * ocfs2-kmp-64kb-5.14.21-150400.24.108.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-devel-5.14.21-150400.24.108.1 * dtb-allwinner-5.14.21-150400.24.108.1 * dtb-hisilicon-5.14.21-150400.24.108.1 * dtb-rockchip-5.14.21-150400.24.108.1 * dlm-kmp-64kb-5.14.21-150400.24.108.1 * dtb-freescale-5.14.21-150400.24.108.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * dtb-amazon-5.14.21-150400.24.108.1 * cluster-md-kmp-64kb-5.14.21-150400.24.108.1 * dtb-broadcom-5.14.21-150400.24.108.1 * dtb-renesas-5.14.21-150400.24.108.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-extra-5.14.21-150400.24.108.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * dtb-cavium-5.14.21-150400.24.108.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-optional-5.14.21-150400.24.108.1 * dtb-apple-5.14.21-150400.24.108.1 * dtb-marvell-5.14.21-150400.24.108.1 * dtb-mediatek-5.14.21-150400.24.108.1 * dtb-arm-5.14.21-150400.24.108.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * dtb-sprd-5.14.21-150400.24.108.1 * kernel-64kb-debuginfo-5.14.21-150400.24.108.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * dtb-exynos-5.14.21-150400.24.108.1 * dtb-amd-5.14.21-150400.24.108.1 * dtb-socionext-5.14.21-150400.24.108.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-debugsource-5.14.21-150400.24.108.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.108.1 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-livepatch-devel-5.14.21-150400.24.108.1 * kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1 * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1 * kernel-default-livepatch-5.14.21-150400.24.108.1 * kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * gfs2-kmp-default-5.14.21-150400.24.108.1 * cluster-md-kmp-default-5.14.21-150400.24.108.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1 * dlm-kmp-default-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.108.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-64kb-debugsource-5.14.21-150400.24.108.1 * kernel-64kb-debuginfo-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1 * kernel-obs-build-5.14.21-150400.24.108.1 * kernel-default-debugsource-5.14.21-150400.24.108.1 * kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2 * kernel-default-devel-5.14.21-150400.24.108.1 * kernel-obs-build-debugsource-5.14.21-150400.24.108.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.108.1 * kernel-syms-5.14.21-150400.24.108.1 * kernel-default-debuginfo-5.14.21-150400.24.108.1 * reiserfs-kmp-default-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.108.1 * kernel-macros-5.14.21-150400.24.108.1 * kernel-devel-5.14.21-150400.24.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.108.1

References

* bsc#1108281 * bsc#1177529 * bsc#1209834 * bsc#1212091 * bsc#1215275 * bsc#1215885 * bsc#1216016 * bsc#1216702 * bsc#1217217 * bsc#1217670 * bsc#1217895 * bsc#1217987 * bsc#1217988 * bsc#1217989 * bsc#1218689 * bsc#1218713 * bsc#1218730 * bsc#1218752 * bsc#1218757 * bsc#1218768 * bsc#1218804 * bsc#1218832 * bsc#1218836 * bsc#1218916 * bsc#1218929 * bsc#1218930 * bsc#1218968 * bsc#1219053 * bsc#1219120 * bsc#1219128 * bsc#1219349 * bsc#1219412 * bsc#1219429 * bsc#1219434 * bsc#1219490 * bsc#1219608 ## References: * https://www.suse.com/security/cve/CVE-2021-33631.html * https://www.suse.com/security/cve/CVE-2023-46838.html * https://www.suse.com/security/cve/CVE-2023-47233.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-51042.html * https://www.suse.com/security/cve/CVE-2023-51043.html * https://www.suse.com/security/cve/CVE-2023-51780.html * https://www.suse.com/security/cve/CVE-2023-51782.html * https://www.suse.com/security/cve/CVE-2023-6040.html * https://www.suse.com/security/cve/CVE-2023-6356.html * https://www.suse.com/security/cve/CVE-2023-6535.html * https://www.suse.com/security/cve/CVE-2023-6536.html * https://www.suse.com/security/cve/CVE-2023-6915.html * https://www.suse.com/security/cve/CVE-2024-0340.html * https://www.suse.com/security/cve/CVE-2024-0565.html * https://www.suse.com/security/cve/CVE-2024-0641.html * https://www.suse.com/security/cve/CVE-2024-0775.html * https://www.suse.com/security/cve/CVE-2024-1085.html * https://www.suse.com/security/cve/CVE-2024-1086.html * https://www.suse.com/security/cve/CVE-2024-24860.html * https://bugzilla.suse.com/show_bug.cgi?id=1108281 * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1209834 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215885 * https://bugzilla.suse.com/show_bug.cgi?id=1216016 * https://bugzilla.suse.com/show_bug.cgi?id=1216702 * https://bugzilla.suse.com/show_bug.cgi?id=1217217 * https://bugzilla.suse.com/show_bug.cgi?id=1217670 * https://bugzilla.suse.com/show_bug.cgi?id=1217895 * https://bugzilla.suse.com/show_bug.cgi?id=1217987 * https://bugzilla.suse.com/show_bug.cgi?id=1217988 * https://bugzilla.suse.com/show_bug.cgi?id=1217989 * https://bugzilla.suse.com/show_bug.cgi?id=1218689 * https://bugzilla.suse.com/show_bug.cgi?id=1218713 * https://bugzilla.suse.com/show_bug.cgi?id=1218730 * https://bugzilla.suse.com/show_bug.cgi?id=1218752 * https://bugzilla.suse.com/show_bug.cgi?id=1218757 * https://bugzilla.suse.com/show_bug.cgi?id=1218768 * https://bugzilla.suse.com/show_bug.cgi?id=1218804 * https://bugzilla.suse.com/show_bug.cgi?id=1218832 * https://bugzilla.suse.com/show_bug.cgi?id=1218836 * https://bugzilla.suse.com/show_bug.cgi?id=1218916 * https://bugzilla.suse.com/show_bug.cgi?id=1218929 * https://bugzilla.suse.com/show_bug.cgi?id=1218930 * https://bugzilla.suse.com/show_bug.cgi?id=1218968 * https://bugzilla.suse.com/show_bug.cgi?id=1219053 * https://bugzilla.suse.com/show_bug.cgi?id=1219120 * https://bugzilla.suse.com/show_bug.cgi?id=1219128 * https://bugzilla.suse.com/show_bug.cgi?id=1219349 * https://bugzilla.suse.com/show_bug.cgi?id=1219412 * https://bugzilla.suse.com/show_bug.cgi?id=1219429 * https://bugzilla.suse.com/show_bug.cgi?id=1219434 * https://bugzilla.suse.com/show_bug.cgi?id=1219490 * https://bugzilla.suse.com/show_bug.cgi?id=1219608