SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2104-1
Rating:             important
References:         #1028340 #1065729 #1071995 #1158266 #1177282 
                    #1191647 #1195651 #1195926 #1196114 #1196367 
                    #1196426 #1196433 #1196514 #1196570 #1196942 
                    #1197157 #1197343 #1197472 #1197656 #1197660 
                    #1197895 #1198330 #1198400 #1198484 #1198516 
                    #1198577 #1198660 #1198687 #1198778 #1198825 
                    #1199012 #1199063 #1199314 #1199505 #1199507 
                    #1199605 #1199650 #1199918 #1200015 #1200143 
                    #1200144 #1200249 SLE-18234 
Cross-References:   CVE-2019-19377 CVE-2020-26541 CVE-2021-20321
                    CVE-2021-33061 CVE-2022-0168 CVE-2022-1011
                    CVE-2022-1158 CVE-2022-1184 CVE-2022-1353
                    CVE-2022-1516 CVE-2022-1652 CVE-2022-1729
                    CVE-2022-1734 CVE-2022-1966 CVE-2022-1974
                    CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-28893 CVE-2022-30594
CVSS scores:
                    CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves 23 vulnerabilities, contains one
   feature and has 19 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP2 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-0168: Fixed a NULL pointer dereference in
     smb2_ioctl_query_info. (bsc#1197472)
   - CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem.
     This flaw allowed a local attacker with user access to escalate
     privileges. (bnc#1200015)
   - CVE-2022-28893: Ensured that sockets are in the intended state inside
     the SUNRPC subsystem (bnc#1198330).
   - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the
     user address (bsc#1197660).
   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux
     kernel by simulating an NFC device from user space. (bsc#1200143)
   - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
     simulating an NFC device from user space. (bsc#1200144)
   - CVE-2020-26541: Enforce the secure boot forbidden signature database
     (aka dbx) protection mechanism. (bnc#1177282)
   - CVE-2019-19377: Fixed a use-after-free that could be triggered when an
     attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
   - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
     (bsc#1199507).
   - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
     mounting and operating on a corrupted image. (bsc#1198577)
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2022-1734: Fixed a read/write use-after-free caused by missing
     synchronization between the cleanup routine and the firmware download
     routine. (bnc#1199605)
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2021-20321: Fixed a race condition when accessing a file object in
     the OverlayFS subsystem, triggered by users performing a rename in a
     specific way. A local user could have used this flaw to crash the system
     (bnc#1191647).
   - CVE-2022-1353: Fixed access control to kernel memory in the
     pfkey_register function in net/key/af_key.c. (bnc#1198516)
   - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
     local attacker who can mount FUSE filesystems to retrieve (partial)
     /etc/shadow hashes or any other data from the filesystem. (bnc#1197343)

   The following non-security bugs were fixed:

   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - cifs: fix bad fids sent over wire (bsc#1197157).
   - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
   - direct-io: defer alignment check until after the EOF check (bsc#1197656).
   - direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
   - net: ena: A typo fix in the file ena_com.h (bsc#1198778).
   - net: ena: Add capabilities field with support for ENI stats capability
     (bsc#1198778).
   - net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
   - net: ena: add device distinct log prefix to files (bsc#1198778).
   - net: ena: add jiffies of last napi call to stats (bsc#1198778).
   - net: ena: aggregate doorbell common operations into a function
     (bsc#1198778).
   - net: ena: aggregate stats increase into a function (bsc#1198778).
   - net: ena: Change ENI stats support check to use capabilities field
     (bsc#1198778).
   - net: ena: Change return value of ena_calc_io_queue_size() to void
     (bsc#1198778).
   - net: ena: Change the name of bad_csum variable (bsc#1198778).
   - net: ena: Extract recurring driver reset code into a function
     (bsc#1198778).
   - net: ena: fix coding style nits (bsc#1198778).
   - net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
   - net: ena: Fix error handling when calculating max IO queues number
     (bsc#1198778).
   - net: ena: fix inaccurate print type (bsc#1198778).
   - net: ena: Fix undefined state when tx request id is out of bounds
     (bsc#1198778).
   - net: ena: Fix wrong rx request id by resetting device (bsc#1198778).
   - net: ena: Improve error logging in driver (bsc#1198778).
   - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
     (bsc#1198778).
   - net: ena: introduce XDP redirect implementation (bsc#1198778).
   - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
   - net: ena: Move reset completion print to the reset function
     (bsc#1198778).
   - net: ena: optimize data access in fast-path code (bsc#1198778).
   - net: ena: re-organize code to improve readability (bsc#1198778).
   - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
   - net: ena: remove extra words from comments (bsc#1198778).
   - net: ena: Remove module param and change message severity (bsc#1198778).
   - net: ena: Remove rcu_read_lock() around XDP program invocation
     (bsc#1198778).
   - net: ena: Remove redundant return code check (bsc#1198778).
   - net: ena: Remove unused code (bsc#1198778).
   - net: ena: store values in their appropriate variables types
     (bsc#1198778).
   - net: ena: Update XDP verdict upon failure (bsc#1198778).
   - net: ena: use build_skb() in RX path (bsc#1198778).
   - net: ena: use constant value for net_device allocation (bsc#1198778).
   - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
   - net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
   - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918).
   - ping: remove pr_err from ping_lookup (bsc#1199918).
   - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
     ltc#196449).
   - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
   - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
     bsc#1198660 ltc#197803).
   - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
   - video: hyperv_fb: Fix validation of screen resolution (git-fixes).
   - x86/pm: Save the MSR validity status at context setup (bsc#1198400).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1198400).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended installation
   methods such as YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2104=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2104=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2104=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2104=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2104=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2104=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2104=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2104=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2104=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2104=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-2104=1
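
   After the patch is installed and the system rebooted, the running kernel
   should report the fixed release. The check below is an added example, not
   part of the SUSE advisory; it assumes that `uname -r` shows the package
   version 5.3.18-150200.24.115.1 without its last component and with a flavor
   suffix, as the livepatch package name in the package list does. The
   function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory.
# FIXED_RELEASE comes from the package version 5.3.18-150200.24.115.1 listed
# in the advisory. Assumption: `uname -r` reports it without the trailing
# rebuild counter and with a flavor suffix, in the same form as the livepatch
# package name kernel-livepatch-5_3_18-150200_24_115-default.
FIXED_RELEASE="5.3.18-150200.24.115"

# Drop the flavor suffix ("-default", "-preempt") from a `uname -r` string.
strip_flavor() {
    printf '%s\n' "${1%-[a-z]*}"
}

# Succeed if release $1 >= release $2, comparing numeric fields left to right
# (so 24.9 sorts below 24.115, which a plain string comparison gets wrong).
release_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/)
        nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Classify a `uname -r` string against this advisory:
#   patched    - 5.3.18-150200 stream, at or above the fixed release
#   vulnerable - 5.3.18-150200 stream, below the fixed release
#   unknown    - any other kernel stream; this advisory's version does not
#                apply, so consult the advisory for that product instead
kernel_status() {
    rel=$(strip_flavor "$1")
    case $rel in
        5.3.18-150200.*)
            if release_ge "$rel" "$FIXED_RELEASE"; then
                echo patched
            else
                echo vulnerable
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Report on the running kernel. A "vulnerable" result after installing the
# update usually means the system has not been rebooted yet.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"

# Constructed sample release strings (not from the advisory), one per outcome.
for sample in 5.3.18-150200.24.112-default \
              5.3.18-150200.24.115-preempt \
              5.3.18-150300.59.76-default; do
    echo "$sample: $(kernel_status "$sample")"
done
```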



Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Server 4.1 (x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Server 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Proxy 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Proxy 4.1 (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-livepatch-5.3.18-150200.24.115.1
      kernel-default-livepatch-devel-5.3.18-150200.24.115.1
      kernel-livepatch-5_3_18-150200_24_115-default-1-150200.5.3.1
      kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-1-150200.5.3.1
      kernel-livepatch-SLE15-SP2_Update_27-debugsource-1-150200.5.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150200.24.115.1
      cluster-md-kmp-default-debuginfo-5.3.18-150200.24.115.1
      dlm-kmp-default-5.3.18-150200.24.115.1
      dlm-kmp-default-debuginfo-5.3.18-150200.24.115.1
      gfs2-kmp-default-5.3.18-150200.24.115.1
      gfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      ocfs2-kmp-default-5.3.18-150200.24.115.1
      ocfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Enterprise Storage 7 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1


References:

   https://www.suse.com/security/cve/CVE-2019-19377.html
   https://www.suse.com/security/cve/CVE-2020-26541.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2022-0168.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1158.html
   https://www.suse.com/security/cve/CVE-2022-1184.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1729.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-28893.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1158266
   https://bugzilla.suse.com/1177282
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1195926
   https://bugzilla.suse.com/1196114
   https://bugzilla.suse.com/1196367
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1196433
   https://bugzilla.suse.com/1196514
   https://bugzilla.suse.com/1196570
   https://bugzilla.suse.com/1196942
   https://bugzilla.suse.com/1197157
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1197472
   https://bugzilla.suse.com/1197656
   https://bugzilla.suse.com/1197660
   https://bugzilla.suse.com/1197895
   https://bugzilla.suse.com/1198330
   https://bugzilla.suse.com/1198400
   https://bugzilla.suse.com/1198484
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198577
   https://bugzilla.suse.com/1198660
   https://bugzilla.suse.com/1198687
   https://bugzilla.suse.com/1198778
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1199012
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199507
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1199918
   https://bugzilla.suse.com/1200015
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200249

SUSE: 2022:2104-1 important: the Linux Kernel

June 16, 2022

References

CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1

https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2021-20321.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2022-0168.html
https://www.suse.com/security/cve/CVE-2022-1011.html
https://www.suse.com/security/cve/CVE-2022-1158.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1353.html
https://www.suse.com/security/cve/CVE-2022-1516.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1734.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-28893.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1028340
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1191647
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1195926
https://bugzilla.suse.com/1196114
https://bugzilla.suse.com/1196367
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196433
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1196942
https://bugzilla.suse.com/1197157
https://bugzilla.suse.com/1197343
https://bugzilla.suse.com/1197472
https://bugzilla.suse.com/1197656
https://bugzilla.suse.com/1197660
https://bugzilla.suse.com/1197895
https://bugzilla.suse.com/1198330
https://bugzilla.suse.com/1198400
https://bugzilla.suse.com/1198484
https://bugzilla.suse.com/1198516
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198660
https://bugzilla.suse.com/1198687
https://bugzilla.suse.com/1198778
https://bugzilla.suse.com/1198825
https://bugzilla.suse.com/1199012
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199605
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199918
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200249
