Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1624-1
Rating: important
References: #1047233 #1172455 #1173485 #1176720 #1177411
#1178181 #1179454 #1180197 #1181960 #1182011
#1182672 #1182715 #1182716 #1182717 #1183022
#1183063 #1183069 #1183509 #1183593 #1183646
#1183686 #1183696 #1183775 #1184120 #1184167
#1184168 #1184170 #1184192 #1184193 #1184194
#1184196 #1184198 #1184208 #1184211 #1184388
#1184391 #1184393 #1184397 #1184509 #1184511
#1184512 #1184514 #1184583 #1184650 #1184942
#1185113 #1185244
Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671
CVE-2020-25672 CVE-2020-25673 CVE-2020-27170
CVE-2020-27171 CVE-2020-27673 CVE-2020-27815
CVE-2020-35519 CVE-2020-36310 CVE-2020-36311
CVE-2020-36312 CVE-2020-36322 CVE-2021-20219
CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
CVE-2021-28038 CVE-2021-28660 CVE-2021-28688
CVE-2021-28950 CVE-2021-28964 CVE-2021-28971
CVE-2021-28972 CVE-2021-29154 CVE-2021-29155
CVE-2021-29264 CVE-2021-29265 CVE-2021-29647
CVE-2021-29650 CVE-2021-30002 CVE-2021-3428
CVE-2021-3444 CVE-2021-3483
CVSS scores:
CVE-2020-0433 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-0433 (SUSE): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-25670 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25671 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25672 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25673 (SUSE): 6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2020-27170 (NVD) : 4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27170 (SUSE): 4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27171 (NVD) : 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27171 (SUSE): 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27673 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27673 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27815 (SUSE): 7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35519 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35519 (SUSE): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36310 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36310 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36311 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36311 (SUSE): 4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-36312 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36312 (SUSE): 3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-36322 (SUSE): 7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2021-20219 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27363 (NVD) : 4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-27363 (SUSE): 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (NVD) : 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (SUSE): 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27365 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27365 (SUSE): 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28038 (NVD) : 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28038 (SUSE): 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28660 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (SUSE): 8
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-28688 (NVD) : 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28688 (SUSE): 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28950 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28964 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28971 (SUSE): 5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28972 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28972 (SUSE): 6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (SUSE): 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29155 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-29155 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-29264 (SUSE): 6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29647 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-29650 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29650 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (NVD) : 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (SUSE): 6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise High Performance Computing
15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing
15-SP1-ESPOS
SUSE Linux Enterprise High Availability 15-SP1
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves 35 vulnerabilities and has 12 fixes
is now available.

Description:

The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive
various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a
kvm_io_bus_unregister_dev memory leak upon a kmalloc failure
(bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that
allowed attackers to cause a denial of service (panic) because
net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
full memory barrier upon the assignment of a new table value
(bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that
performed undesirable out-of-bounds speculation on pointer arithmetic,
leading to side-channel attacks that defeat Spectre mitigations and
obtain sensitive information from kernel memory. Specifically, for
sequences of pointer arithmetic operations, the pointer modification
performed by the first operation is not correctly accounted for when
restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a
set_memory_region_test infinite loop for certain nested page faults
(bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have
caused a denial of service (host OS hang) via a high rate of events to
dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute
arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated
llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()
(bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()
(bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()
(bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed
attackers to cause a denial of service (soft lockup) by triggering
destruction of a large SEV VM (which requires unregistering many
encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on
CPU" could have occured because a retry loop continually finds the
same
bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation
where fuse_do_getattr() calls make_bad_inode() in inappropriate
situations, could have caused a system crash. NOTE: the original fix for
this vulnerability was incomplete, and its incompleteness is tracked as
CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists
(bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in
drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker
with a normal user privilege could have delayed the loop and cause a
threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could
have caused a denial of service because of a lack of locking on an
extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle
mod32 destination register truncation when the source register was known
to be 0. A local attacker with the ability to load bpf programs could
use this gain out-of-bounds reads in kernel memory leading to
information disclosure (kernel memory), and possibly out-of-bounds
writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in
intel_pmu_drain_pebs_nhm where userspace applications can cause a system
crash because the PEBS status in a PEBS record is mishandled
(bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers
such that subsequent cleanup code wouldn't use uninitialized or stale
values. This initialization went too far and may under certain
conditions also overwrite pointers which are in need of cleaning up. The
lack of cleanup would result in leaking persistent grants. The leak in
turn would prevent fully cleaning up after a respective guest has died,
leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in
drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of
service (GPF) because the stub-up sequence has race conditions during an
update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in
drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar
Ethernet driver that allowed attackers to cause a system crash because a
negative fragment size is calculated in situations involving an rx queue
overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c
where the RPA PCI Hotplug driver had a user-tolerable buffer overflow
when writing a new device name to the driver from userspace, allowing
userspace to write data to the kernel stack frame directly. This occurs
because add_slot_store and remove_slot_store mishandle drc_name
'\0'
termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c
that allowed attackers to obtain sensitive information from kernel
memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an
off-by-one error (with a resultant integer underflow) affecting
out-of-bounds speculation on pointer arithmetic, leading to side-channel
attacks that defeat Spectre mitigations and obtain sensitive information
from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed
undesirable out-of-bounds speculation on pointer arithmetic, leading to
side-channel attacks that defeat Spectre mitigations and obtain
sensitive information from kernel memory. This affects pointer types
that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing
beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent
(bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a
possible use after free due to improper locking could have happened.
This could have led to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the
netback driver lacks necessary treatment of errors such as failed memory
allocations (as a result of changes to the handling of grant mapping
errors). A host OS denial of service may occur during misbehavior of a
networking frontend driver. NOTE: this issue exists because of an
incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree
(bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that
does not have appropriate length constraints or checks, and can exceed
the PAGE_SIZE value. An unprivileged user can send a Netlink message
that is associated with iSCSI, and has a length up to the maximum length
of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could
have been used to determine the address of the iscsi_transport
structure. When an iSCSI transport is registered with the iSCSI
subsystem, the transport's handle is available to unprivileged users
via
the sysfs file system, at
/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the
show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c)
is called, which leaks the handle. This handle is actually the pointer
to an iscsi_transport struct in the kernel module's global variables
(bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c
where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel
package (bsc#1184514)" This turned out to be a bad idea: the
kernel-$flavor-devel package must be usable without kernel-$flavor, e.g.
at the build of a KMP. And this change brought superfluous installation
of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022
XSA-367).
- bfq: Fix kABI for update internal depth state when queue depth changes
(bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686
bsc#1183775).
- handle also the opposite type of race condition
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960
ltc#190997).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: store valid MAC address (bsc#1182011).
- macros.kernel-source: Use spec_install_pre for certificate installation
(boo#1182672).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- post.sh: Return an error when module update fails (bsc#1047233
bsc#1184388).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc
(bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022,
XSA-367).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1624=1

- SUSE Manager Retail Branch Server 4.0:

zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1624=1

- SUSE Manager Proxy 4.0:

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1624=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1624=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1624=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1624=1

- SUSE Linux Enterprise Module for Live Patching 15-SP1:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1624=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1624=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1624=1

- SUSE Linux Enterprise High Availability 15-SP1:

zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1624=1

- SUSE Enterprise Storage 6:

zypper in -t patch SUSE-Storage-6-2021-1624=1

- SUSE CaaS Platform 4.0:

To install this update, use the SUSE CaaS Platform 'skuba' tool.
It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Manager Server 4.0 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Manager Server 4.0 (s390x):

kernel-default-man-4.12.14-197.89.2
kernel-zfcpdump-debuginfo-4.12.14-197.89.2
kernel-zfcpdump-debugsource-4.12.14-197.89.2

- SUSE Manager Retail Branch Server 4.0 (x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Manager Retail Branch Server 4.0 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Manager Proxy 4.0 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Manager Proxy 4.0 (x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

kernel-default-man-4.12.14-197.89.2
kernel-zfcpdump-debuginfo-4.12.14-197.89.2
kernel-zfcpdump-debugsource-4.12.14-197.89.2

- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-livepatch-4.12.14-197.89.2
kernel-default-livepatch-devel-4.12.14-197.89.2
kernel-livepatch-4_12_14-197_89-default-1-3.3.2

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
x86_64):

cluster-md-kmp-default-4.12.14-197.89.2
cluster-md-kmp-default-debuginfo-4.12.14-197.89.2
dlm-kmp-default-4.12.14-197.89.2
dlm-kmp-default-debuginfo-4.12.14-197.89.2
gfs2-kmp-default-4.12.14-197.89.2
gfs2-kmp-default-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
ocfs2-kmp-default-4.12.14-197.89.2
ocfs2-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Enterprise Storage 6 (aarch64 x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

- SUSE Enterprise Storage 6 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE CaaS Platform 4.0 (noarch):

kernel-devel-4.12.14-197.89.2
kernel-docs-4.12.14-197.89.3
kernel-macros-4.12.14-197.89.2
kernel-source-4.12.14-197.89.2

- SUSE CaaS Platform 4.0 (x86_64):

kernel-default-4.12.14-197.89.2
kernel-default-base-4.12.14-197.89.2
kernel-default-base-debuginfo-4.12.14-197.89.2
kernel-default-debuginfo-4.12.14-197.89.2
kernel-default-debugsource-4.12.14-197.89.2
kernel-default-devel-4.12.14-197.89.2
kernel-default-devel-debuginfo-4.12.14-197.89.2
kernel-obs-build-4.12.14-197.89.2
kernel-obs-build-debugsource-4.12.14-197.89.2
kernel-syms-4.12.14-197.89.2
reiserfs-kmp-default-4.12.14-197.89.2
reiserfs-kmp-default-debuginfo-4.12.14-197.89.2

References:

https://www.suse.com/security/cve/CVE-2020-0433.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27673.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2020-36310.html
https://www.suse.com/security/cve/CVE-2020-36311.html
https://www.suse.com/security/cve/CVE-2020-36312.html
https://www.suse.com/security/cve/CVE-2020-36322.html
https://www.suse.com/security/cve/CVE-2021-20219.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28950.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29154.html
https://www.suse.com/security/cve/CVE-2021-29155.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-29650.html
https://www.suse.com/security/cve/CVE-2021-30002.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://www.suse.com/security/cve/CVE-2021-3483.html
https://bugzilla.suse.com/1047233
https://bugzilla.suse.com/1172455
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1176720
https://bugzilla.suse.com/1177411
https://bugzilla.suse.com/1178181
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1180197
https://bugzilla.suse.com/1181960
https://bugzilla.suse.com/1182011
https://bugzilla.suse.com/1182672
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183063
https://bugzilla.suse.com/1183069
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1184120
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184194
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184208
https://bugzilla.suse.com/1184211
https://bugzilla.suse.com/1184388
https://bugzilla.suse.com/1184391
https://bugzilla.suse.com/1184393
https://bugzilla.suse.com/1184397
https://bugzilla.suse.com/1184509
https://bugzilla.suse.com/1184511
https://bugzilla.suse.com/1184512
https://bugzilla.suse.com/1184514
https://bugzilla.suse.com/1184583
https://bugzilla.suse.com/1184650
https://bugzilla.suse.com/1184942
https://bugzilla.suse.com/1185113
https://bugzilla.suse.com/1185244