Bug 1173115 - kernel updates lead to showing mok screen on reboot
kernel updates lead to showing mok screen on reboot
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Kernel
Leap 15.2
x86-64 Other
: P2 - High : Normal (vote)
: ---
Assigned To: Gary Ching-Pang Lin
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-18 12:28 UTC by Ludwig Nussel
Modified: 2022-07-21 18:46 UTC (History)
9 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2020-06-18 12:28:03 UTC
15.1 system with cryptlvm, /boot on separate ext4.
First reboot after zypper dup shows the mok screen that asks to enroll key etc. Is that expected? After hitting "continue", grub comes up with a very low resolution. Next boot doesn't show the screen anymore.
Comment 1 Gary Ching-Pang Lin 2020-06-19 02:14:35 UTC
It's probably openSUSE Signkey. The kernel package comes with the Signkey but shim contains the CA key, so the Signkey won't be in MokList by default, and this triggers the enrollment of the Signkey.
Comment 2 Ludwig Nussel 2020-06-19 08:56:22 UTC
so did that change compared to 15.1? IOW is this behavior expected? I mean I know what it is but other users may be surprised...
Comment 3 Gary Ching-Pang Lin 2020-06-19 09:30:18 UTC
It seems something new in 15.2 if you compare the postinstall/preuninstall/postuninstall scripts of kernel-default. The mokutil part was added in 15.2.
Comment 4 Ludwig Nussel 2020-06-19 10:47:07 UTC
Moving to kernel then. If that behavior is intentional we should document it in the release notes.

It feels a bit like a layering violation to mess with the certs in the kernel %post also. Shouldn't update-bootloader take care of the certs instead?
Comment 5 Michal Suchanek 2020-06-19 11:43:25 UTC
If there is significant difference in scripts between 15.1 and 15.2 that's a bug.

The scripts in the kernel-source repo are identical and changed only cosmetically since 15.1 beta.
Comment 6 Ludwig Nussel 2020-06-19 11:52:17 UTC
ok, got it. It's caused by CONFIG_MODULE_SIG=y. With that enabled, the %post snippet wants to import the extra cert. It's not imported directly but rather added to some "to be imported queue" for next reboot. On reboot, a dialog with a 10s timeout is shown before grub. It asks to press a key to enter Mok key management. To actually import the key, one has to perform several steps in that wizard, including entering the root password.
Not pressing a key will just continue boot, not import the key and don't bother anymore (until the next kernel update?).

In other words, the whole stunt seems pointless and just confusing. Since kernel module signatures chain back to the secure boot CA built into shim we don't need that extra cert anyways, right? So can we just skip importing it?
Comment 7 Michal Suchanek 2020-06-19 11:57:42 UTC
It's not necessarily the case. The kernel (and modules) is signed with some key and if not imported it breaks secure boot. As in you won't be able to boot kernel signed with the key.
Comment 8 Ludwig Nussel 2020-06-19 12:29:34 UTC
Well in case of our kernel it's guaranteed as the CA cert is built into shim. The whole setup in obs is made so shim, grub and kernel match and work out of the box. So the case where the sign key chains back to our our CA cert can be optimized.
So far we never imported the sign key itself either after all and relied on the CA only.
Comment 9 Michal Suchanek 2020-06-19 12:37:26 UTC
Does that work for kernels built in random home project?
Comment 10 Ludwig Nussel 2020-06-19 16:22:42 UTC
(In reply to Michal Suchanek from comment #9)
> Does that work for kernels built in random home project?

Those are signed with a key different from the one signed by the openSUSE Secure boot CA. So for those of course one has to import the sign key into Mok.

That doesn't mean that a) the kernel %post script has to do that automatically (well it doesn't anyways, just prepares for it once) and b) the kernel built in official projects have to do the import.
Check for example shim, it behaves differently when built in the official project (ie with openSUSE/SLE keys) vs built in home or devel projects.

So similar checks could be done in the kernel spec file and skip mokutil when built with the openSUSE keys.
Comment 11 Martin Wilck 2020-06-24 08:43:39 UTC
(In reply to Ludwig Nussel from comment #10)
> 
> So similar checks could be done in the kernel spec file and skip mokutil
> when built with the openSUSE keys.

Or mokutil itself should have a list of keys that don't need to be added to the MoK db. We could have a list of fingerprints of built-in keys somewhere under /etc/uefi, and could check the cert to be imported against this list before importing.

And if we don't, we should at least improve the message of the mokutil screen at boot, explaining why it's popping up.
Comment 12 Ludwig Nussel 2020-08-04 11:09:02 UTC
What's the status here? The mok screen also appears after regular maintenance updates. Without any explanation to the user as to why.
Comment 13 Takashi Iwai 2020-08-04 11:13:35 UTC
The reason of appearance at this time is likely the incorrectly signed old kernel (5.3.18-lp152.20.x) is pruned after the update to a newer kernel.  So it should be a once-off side-effect.
Comment 14 Ludwig Nussel 2020-08-04 11:25:06 UTC
AFAICT from "rpm -q --scripts kernel-default" it looks like mokutil is called always and would retry importing the key each and every time as long as the user doesn't actually import it in mok.
Comment 15 Takashi Iwai 2020-08-04 11:34:35 UTC
Ah OK, then it should be easily improved by adding the check of the existing cert file before calling mokutil.
Comment 16 Ludwig Nussel 2020-08-04 12:05:30 UTC
yes, or comment#8. Ie we don't need to import that key at all as it chains back to the build in cert in shim anyways.
Comment 17 Gary Ching-Pang Lin 2020-08-27 07:11:19 UTC
I'm working on the mokutil patches(*) to skip the cert with CA found in MokListRT. It'll be the default behavior to minimize the changes in other packages.

(*) https://github.com/lcp/mokutil/commit/643bb8dacb221979354dab814fc2d41e94a02d67
    https://github.com/lcp/mokutil/commit/ff20a53a111fe3e027da7250175b7ef09ce3b1da
    https://github.com/lcp/mokutil/commit/50098834780ee6d5dd0cfd3073d504030cc25037
Comment 18 Gary Ching-Pang Lin 2020-08-27 09:31:10 UTC
I've backported the patches to my branch:
ibs://home:gary_lin:branches:SUSE:SLE-15-SP2:Update/mokutil

Just tested it with a SLE15-SP2 VM and confirmed that the signkey was skipped at the end of %post.

Will submit the change if no one objects :)
Comment 19 Gary Ching-Pang Lin 2020-08-28 09:46:35 UTC
Added the blocklist check suggested by Martin.
https://github.com/lcp/mokutil/commit/8de04a4dd566376316432bd60c3b0ab2686797a4
Comment 21 Gary Ching-Pang Lin 2020-08-31 08:20:10 UTC
BTW, does anyone know where I can get the PTF cert? Just want to check if it's affected by the new CA check in mokutil or not.
Comment 22 Gary Ching-Pang Lin 2020-09-02 07:33:48 UTC
I found that PTF key is also signed by SLE CA, so the "ignore-ca-check" patch would ignore PTF key and make PTF kmp unloadable :(
Comment 23 Gary Ching-Pang Lin 2020-09-11 06:37:38 UTC
One possible solution would be to make mokutil read keys from kernel keyring, so it can avoid enrolling the key built in kernel. Have to do some research on the kernel keyring.
Comment 24 Joey Lee 2020-09-11 15:46:30 UTC
(In reply to Gary Ching-Pang Lin from comment #23)
> One possible solution would be to make mokutil read keys from kernel
> keyring, so it can avoid enrolling the key built in kernel. Have to do some
> research on the kernel keyring.

The following command can be used to print the kernel embedded key:

# keyctl list %:.builtin_trusted_keys
1 key in keyring:
 73874993: ---lswrv     0     0 asymmetric: SUSE Linux Enterprise Secure Boot Signkey: 4ab0c697c91073276c27deff3c220fb007e1de61

The above fingerprint is from "X509v3 Subject Key Identifier" in x509 certificate:

X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:FALSE
    X509v3 Subject Key Identifier: 
        4A:B0:C6:97:C9:10:73:27:6C:27:DE:FF:3C:22:0F:B0:07:E1:DE:61

Using openssl with sed command can extract Subject Key Identifier
e.g.
https://stackoverflow.com/questions/53896785/how-to-extract-subject-key-identifier-from-x509-certificate-through-openssl

The above "Subject Key Identifier" can be used to compare with the result of "keyctl list", then mokutil can avoid the kernel embedded key.
Comment 25 Gary Ching-Pang Lin 2020-09-15 02:42:34 UTC
keyutils provides some handy functions. I can search the .builtin_trusted_keys keyring with find_key_by_type_and_desc() and match the built-in key with keyctl_search() and keyctl_read_alloc(). Shouldn't be too hard to integrate the kernel keyring into mokutil.
Comment 26 Gary Ching-Pang Lin 2020-09-15 08:48:29 UTC
(In reply to Gary Ching-Pang Lin from comment #25)
> keyutils provides some handy functions. I can search the
> .builtin_trusted_keys keyring with find_key_by_type_and_desc() and match the
> built-in key with keyctl_search() and keyctl_read_alloc(). Shouldn't be too
> hard to integrate the kernel keyring into mokutil.

It turned out that the trusted keyring is not searchable and dumpable, so both keyctl_search() and keyctl_read_alloc() don't not work. It's only possible to iterate the descriptions of keys and match "X509v3 Subject Key Identifier".
Comment 27 Gary Ching-Pang Lin 2020-09-16 09:50:43 UTC
While integrating the check for kernel keyring, I think the CA check is still useful for kernel packages. Especially when rotating the Signkey, the keyring check doesn't avoid the new Signkey from being enrolled.

I would like to make CA check in mokutil optional and only enforce the CA check when installing a kernel package. Since the built-in signkey is usually also the key to sign kernel itself, if the CA of the signkey is already in MOK or shim, it's safe to skip the enrollment of the signkey.

For KMP, we only apply the kernel keyring check, not the CA check, so that PTF KMP can still enroll its key in the normal SLE kernel.

I think this would avoid the most cases of unnecessary key enrollment.
Comment 29 Gary Ching-Pang Lin 2020-09-23 08:31:43 UTC
The fixes for mokutil and kernel post script are pushed. mokutil will ignore the enrollment of openSUSE Signkey once it detects openSUSE CA in MokListRT.
Comment 32 OBSbugzilla Bot 2020-10-01 12:32:42 UTC
This is an autogenerated message for OBS integration:
This bug (1173115) was mentioned in
https://build.opensuse.org/request/show/838970 15.2 / kernel-source
Comment 34 Swamp Workflow Management 2020-10-02 01:18:02 UTC
openSUSE-SU-2020:1586-1: An update that solves 9 vulnerabilities and has 103 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-2521,CVE-2020-25284,CVE-2020-26088
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.44.1, kernel-default-5.3.18-lp152.44.1, kernel-default-base-5.3.18-lp152.44.1.lp152.8.8.1, kernel-docs-5.3.18-lp152.44.1, kernel-kvmsmall-5.3.18-lp152.44.1, kernel-obs-build-5.3.18-lp152.44.1, kernel-obs-qa-5.3.18-lp152.44.1, kernel-preempt-5.3.18-lp152.44.1, kernel-source-5.3.18-lp152.44.1, kernel-syms-5.3.18-lp152.44.1
Comment 39 OBSbugzilla Bot 2020-10-08 15:31:33 UTC
This is an autogenerated message for OBS integration:
This bug (1173115) was mentioned in
https://build.opensuse.org/request/show/840296 15.1 / kernel-source
Comment 40 Swamp Workflow Management 2020-10-08 16:18:04 UTC
SUSE-SU-2020:2879-1: An update that solves 9 vulnerabilities and has 105 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-2521,CVE-2020-25284,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.24.1, kernel-livepatch-SLE15-SP2_Update_4-1-5.3.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2020-10-08 16:31:39 UTC
SUSE-SU-2020:2879-1: An update that solves 9 vulnerabilities and has 105 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-2521,CVE-2020-25284,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.24.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.24.1, kernel-livepatch-SLE15-SP2_Update_4-1-5.3.6
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.24.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.24.1, kernel-obs-build-5.3.18-24.24.1, kernel-preempt-5.3.18-24.24.1, kernel-source-5.3.18-24.24.1, kernel-syms-5.3.18-24.24.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.24.1, kernel-default-base-5.3.18-24.24.1.9.7.6, kernel-preempt-5.3.18-24.24.1, kernel-source-5.3.18-24.24.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Swamp Workflow Management 2020-10-11 19:16:17 UTC
openSUSE-SU-2020:1655-1: An update that solves 12 vulnerabilities and has 59 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,962356
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.71.2, kernel-default-4.12.14-lp151.28.71.2, kernel-docs-4.12.14-lp151.28.71.1, kernel-kvmsmall-4.12.14-lp151.28.71.2, kernel-obs-build-4.12.14-lp151.28.71.2, kernel-obs-qa-4.12.14-lp151.28.71.2, kernel-source-4.12.14-lp151.28.71.1, kernel-syms-4.12.14-lp151.28.71.1, kernel-vanilla-4.12.14-lp151.28.71.2
Comment 44 Swamp Workflow Management 2020-10-13 19:17:53 UTC
SUSE-SU-2020:2904-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1163524,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174354,1174899,1175228,1175528,1175716,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.41.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.41.1, kernel-obs-build-4.12.14-122.41.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.41.1, kernel-source-4.12.14-122.41.1, kernel-syms-4.12.14-122.41.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2020-10-13 19:27:08 UTC
SUSE-SU-2020:2905-1: An update that solves 11 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.61.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.61.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.61.1, kernel-obs-build-4.12.14-197.61.1, kernel-source-4.12.14-197.61.1, kernel-syms-4.12.14-197.61.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.61.1, kernel-source-4.12.14-197.61.1, kernel-zfcpdump-4.12.14-197.61.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2020-10-13 19:35:22 UTC
SUSE-SU-2020:2905-1: An update that solves 11 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.61.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.61.1, kernel-livepatch-SLE15-SP1_Update_16-1-3.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.61.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.61.1, kernel-obs-build-4.12.14-197.61.1, kernel-source-4.12.14-197.61.1, kernel-syms-4.12.14-197.61.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.61.1, kernel-source-4.12.14-197.61.1, kernel-zfcpdump-4.12.14-197.61.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Swamp Workflow Management 2020-10-13 19:45:52 UTC
SUSE-SU-2020:2904-1: An update that solves 11 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1163524,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174354,1174899,1175228,1175528,1175716,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.41.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.41.1, kernel-obs-build-4.12.14-122.41.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.41.1, kernel-source-4.12.14-122.41.1, kernel-syms-4.12.14-122.41.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.41.1, kgraft-patch-SLE12-SP5_Update_10-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2020-10-13 19:54:53 UTC
SUSE-SU-2020:2907-1: An update that solves 11 vulnerabilities and has 61 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1163524,1167527,1169972,1171688,1171742,1173115,1174354,1174899,1175228,1175528,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.31.1, kernel-source-azure-4.12.14-16.31.1, kernel-syms-azure-4.12.14-16.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2020-10-13 20:07:35 UTC
SUSE-SU-2020:2908-1: An update that solves 9 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1152472,1152489,1153274,1154353,1155518,1156395,1167527,1170774,1171068,1171688,1171742,1172757,1173017,1173115,1173746,1174358,1174899,1175749,1175882,1176019,1176038,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.21.1, kernel-source-azure-5.3.18-18.21.1, kernel-syms-azure-5.3.18-18.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 50 Swamp Workflow Management 2020-10-13 20:19:03 UTC
SUSE-SU-2020:2906-1: An update that solves 11 vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1169972,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177291,1177293,1177294,1177295,1177296
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.47.1, kernel-source-azure-4.12.14-8.47.1, kernel-syms-azure-4.12.14-8.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2020-10-14 13:14:51 UTC
SUSE-RU-2020:2917-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1173115
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    mokutil-0.4.0-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2020-10-18 10:21:43 UTC
openSUSE-RU-2020:1690-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1173115
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    mokutil-0.4.0-lp152.3.3.1
Comment 54 Gary Ching-Pang Lin 2020-10-21 08:37:28 UTC
The fixes for mokutil and kernel are already merged and released and I didn't see MokManager with the latest update. Consider this bug is fixed.
Comment 55 Swamp Workflow Management 2020-10-22 13:19:43 UTC
SUSE-SU-2020:2999-1: An update that solves 15 vulnerabilities and has 84 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1112178,1113956,1136666,1152148,1154366,1163524,1165629,1166965,1167527,1168468,1169790,1169972,1170232,1171558,1171675,1171688,1171742,1172073,1172538,1172873,1173060,1173115,1174003,1174354,1174899,1175228,1175515,1175520,1175528,1175667,1175691,1175716,1175749,1175873,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176946,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,1177340,1177511,802154
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-1749,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.19.1, kernel-rt_debug-4.12.14-10.19.1, kernel-source-rt-4.12.14-10.19.1, kernel-syms-rt-4.12.14-10.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2020-10-23 13:18:13 UTC
SUSE-SU-2020:3014-1: An update that solves 14 vulnerabilities and has 78 fixes is now available.

Category: security (important)
Bug References: 1055186,1058115,1065600,1065729,1094244,1112178,1113956,1136666,1140683,1152148,1154366,1163524,1165629,1166965,1167527,1169972,1170232,1171558,1171688,1171742,1172073,1172538,1172873,1173060,1173115,1174748,1174899,1175228,1175520,1175667,1175691,1175749,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176400,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176946,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,1177340,1177511
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-1749,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-26088
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.36.1, kernel-rt_debug-4.12.14-14.36.1, kernel-source-rt-4.12.14-14.36.1, kernel-syms-rt-4.12.14-14.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 59 Swamp Workflow Management 2020-11-26 17:20:07 UTC
SUSE-SU-2020:3532-1: An update that solves 26 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1161360,1163524,1166965,1170232,1170415,1171417,1172073,1172366,1173115,1173233,1175306,1175721,1175749,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176877,1176907,1176922,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177470,1177511,1177513,1177724,1177725,1177766,1178003,1178123,1178330,1178393,1178622,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.63.1, kernel-livepatch-SLE15_Update_21-1-1.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 60 Swamp Workflow Management 2020-11-26 17:32:05 UTC
SUSE-SU-2020:3532-1: An update that solves 26 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1161360,1163524,1166965,1170232,1170415,1171417,1172073,1172366,1173115,1173233,1175306,1175721,1175749,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176877,1176907,1176922,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177470,1177511,1177513,1177724,1177725,1177766,1178003,1178123,1178330,1178393,1178622,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1, kernel-zfcpdump-4.12.14-150.63.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.63.1, kernel-livepatch-SLE15_Update_21-1-1.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.63.1, kernel-docs-4.12.14-150.63.1, kernel-obs-build-4.12.14-150.63.1, kernel-source-4.12.14-150.63.1, kernel-syms-4.12.14-150.63.1, kernel-vanilla-4.12.14-150.63.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 61 Swamp Workflow Management 2020-11-26 20:26:43 UTC
SUSE-SU-2020:3544-1: An update that solves 26 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1163524,1166965,1168468,1170139,1170232,1170415,1171417,1171675,1172073,1172366,1173115,1173233,1175228,1175306,1175721,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176869,1176907,1176922,1176935,1176950,1176990,1177027,1177086,1177121,1177206,1177340,1177410,1177411,1177470,1177511,1177724,1177725,1177766,1177816,1178123,1178330,1178393,1178669,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Swamp Workflow Management 2020-11-26 20:49:26 UTC
SUSE-SU-2020:3544-1: An update that solves 26 vulnerabilities and has 34 fixes is now available.

Category: security (important)
Bug References: 1051510,1058115,1065600,1131277,1160947,1163524,1166965,1168468,1170139,1170232,1170415,1171417,1171675,1172073,1172366,1173115,1173233,1175228,1175306,1175721,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176869,1176907,1176922,1176935,1176950,1176990,1177027,1177086,1177121,1177206,1177340,1177410,1177411,1177470,1177511,1177724,1177725,1177766,1177816,1178123,1178330,1178393,1178669,1178765,1178782,1178838
CVE References: CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.65.1, kernel-source-4.12.14-95.65.1, kernel-syms-4.12.14-95.65.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.65.1, kgraft-patch-SLE12-SP4_Update_17-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Swamp Workflow Management 2021-02-05 20:56:09 UTC
openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1