Bug 1183063 - Errors accessing LUKS partitions during install
Errors accessing LUKS partitions during install
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Kernel
Leap 15.3
Other Other
: P1 - Urgent : Critical (vote)
: ---
Assigned To: Martin Wilck
E-mail List
https://github.com/openSUSE/suse-modu...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-03-05 02:24 UTC by Neil Rickert
Modified: 2022-07-21 19:37 UTC (History)
13 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Yast logs for the failed install (217.29 KB, application/x-xz)
2021-03-05 02:24 UTC, Neil Rickert
Details
error message after entering the passphrase to let the kernel/initrd unlock the file system (6.53 KB, image/png)
2021-04-04 12:19 UTC, Dirk Weber
Details
error messages displayed by journalctl related to the failed unlocking (22.06 KB, image/png)
2021-04-04 12:25 UTC, Dirk Weber
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Neil Rickert 2021-03-05 02:24:00 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Build Identifier: 

This was an attempt to install Leap 15.3 Build 91.1. I used a slightly non-standard way of preparing a USB (external drive) for the installer, but I doubt that was the problem.  It is based on the DVD installer.

We went through the first few screen, license, etc.  It then asked for the LUKS password for "/dev/sdb5".  That seemed to go fine.  Next was password for "/dev/sdb7".  I clicked "Cancel" on that,  because I did not need for the install.  Next was password for "/dev/sdc2".  I again cancelled that.  And then came "/dev/sdc3", where I provided the password.  This gave a strange failure message.  I did not record the details.

I aborted at this point, and rebooted the installer.  On the second attempt, I gave password for "/dev/sdb5" and "/dev/sdb7".  Both seemed successful.  I then gave the password for "/dev/sdc2" and got a similar message as before.  I clicked "Continue" and gave the password for "/dev/sdc3" -- again a failure message.

This time, I saved the logs before aborting, and I will attach them.

After aborting, I booted into Leap 15.2, where the encrypted "/dev/sdc3" is mounted without any indication of problems.

Here are the drives listed from Leap 15.2

% ls -l /dev/sd?
brw-rw---- 1 root disk 8,  0 Mar  4 17:27 /dev/sda
brw-rw---- 1 root disk 8, 16 Mar  4 17:27 /dev/sdb
brw-rw---- 1 root disk 8, 32 Mar  4 17:27 /dev/sdc
brw-rw---- 1 root disk 8, 48 Mar  4 17:39 /dev/sdd
brw-rw---- 1 root disk 8, 64 Mar  4 17:43 /dev/sde

Here, sda is a Windows drive, sdb is my main openSUSE drive, sdc is an additional drive with encrypted "/dev/sdc3" mounted as "/shared" and an encrypted "/dev/sdc2" that I am not currently using.  And "/dev/sdd" is the external drive used for the installer.  It does have an encrypted partition at "/dev/sdd3" which was not used for the install attempt.

"/dev/sde" is some sort of ghost.  If I try to access is, I get an error message.  The error message I saw is what I might expect if "cryptsetup" was trying to decrypt a partition on that ghost drive.

I will attach logs.

Reproducible: Always
Comment 1 Neil Rickert 2021-03-05 02:24:53 UTC
Created attachment 846810 [details]
Yast logs for the failed install
Comment 2 Ancor Gonzalez Sosa 2021-03-05 11:56:46 UTC
On one hand, there are several ways in which you can check what sde corresponds to in your 15.2 system. From a simple "dmesg | grep sde" to running the YaST partitioner or executing "hwinfo --disk".

Regarding the errors on the activation of sdc3 during your attempt to install 15.3, the concrete error logged by libstorage-ng is this one:

> Trying to open luks UUID: 2fea3dff-1cfc-4da6-a7af-d49a173b7528 (1 attempts)
> user allowed activation of luks 2fea3dff-1cfc-4da6-a7af-d49a173b7528
> 
> Executing:"/sbin/cryptsetup --batch-mode luksOpen '/dev/sdc3' 'cr-auto-9'
>           --tries 1 --key-file -"
>   Adding Line 1 "device-mapper: reload ioctl on   failed: No such file
>                                 or directory"
>   Returns:1
>   stderr:device-mapper: reload ioctl on   failed: No such file or directory

And I can also see these errors in dmesg:

> device-mapper: table: 254:2: crypt: Error allocating crypto tfm
> device-mapper: ioctl: error adding target to table
> device-mapper: table: 254:2: crypt: Error allocating crypto tfm
> device-mapper: ioctl: error adding target to table

I can see that sdc3 is encrypted with the aes-cbc-essiv:sha256 cypher and a key size of 32 bits. From the errors, I would say that's not supported by the kernel shipped by the Leap 15.3 installer. Setting needinfo on the kernel guys for confirmation.
Comment 3 Neil Rickert 2021-03-05 16:59:11 UTC
Thanks for the analysis.

I created that encrypted partition a long time ago.  Perhaps it is past time that I redid it.  I'm pretty sure that I just used the defaults at that time (probably in 2011).  I'm also surprised that the underlying physical disk hasn't failed by now -- that's even older.

I'll add, though, that it seems strange to drop an older encryption method between 15.2 and 15.3.  I would expect the decision to drop it to be postponed until 16.0.
Comment 4 Takashi Iwai 2021-03-05 17:32:05 UTC
Could you check install Leap 15.3 kernel on top of the Leap 15.2 system, and see whether it works?  (Don't forget to install both kernel-default and kernel-default-extra packages.)

If the installed Leap 15.3 kernel works, it's a missing module in the installation image.  OTOH, if Leap 15.3 kernel really doesn't work, we need to investigate what caused it.
Comment 5 Neil Rickert 2021-03-05 19:53:15 UTC
Thanks, Takashi

I don't want to put 15.3 on top of 15.2, since that is my main working system.  I was planning to install to replace 15.1.  I'll still do that later today or tomorrow.

I have already reformatted and reencrypted "/dev/sdc3".  I am currently restoring it from backup.  But I have not touched "/dev/sdc2", so I can test with that.
Comment 6 Neil Rickert 2021-03-05 23:21:15 UTC
I have installed Leap 15.3

The encrypted partition still cannot be opened:

cryptsetup luksOpen /dev/sdc2 cr_lvm
Enter passphrase for /dev/sdc2: 
device-mapper: reload ioctl on   failed: No such file or directory

I'll note that packages kernel-default-extra and kernel-default-optional are installed.

I can now open "/dev/sdc3" because I rebuilt that.  And I can open "/dev/sdc2" from within Leap 15.2.  Maybe I should try from Tumbleweed.
Comment 7 Ancor Gonzalez Sosa 2021-03-08 08:48:39 UTC
(In reply to Neil Rickert from comment #6)
> I have installed Leap 15.3
> 
> The encrypted partition still cannot be opened

So, as anticipated, this is not really a installer/YaST issue. Reassigning to kernel folks as next attempt to detect what has changed between 15.2 and 15.3 regarding support for those LUKS.
Comment 8 Takashi Iwai 2021-03-08 16:21:15 UTC
Coly, do you know any incompatibility in SLE15-SP3 that may bring this kind of error?
Comment 9 Coly Li 2021-03-09 04:01:23 UTC
(In reply to Takashi Iwai from comment #8)
> Coly, do you know any incompatibility in SLE15-SP3 that may bring this kind
> of error?

The fast answer can not be provided, but I can take a look into this. If it is not hurry I can take this bug and handle it after other higher priority ones done.

Coly Li
Comment 10 Dirk Weber 2021-04-04 12:15:51 UTC
Today I did an online upgrade of a system with encrypted filesystem from 15.2 to 15.3 Beta (117.13) with zypper dup.
After the upgrade the system does not boot with the 15.3 kernel (5.3.18-52-default). Additionally installing the "-extra" and "-optional" kernel packages did not help.
With the remaining 15.2 kernel (5.3.18-lp152.66-default) it boots. The initrd was re-created under Leap 15.3 also for the 15.2 kernel.

The failure message displayed after entering the decryption password at the prompt with the 15.3 kernel:
[FAILED] Failed to start Cryptography Setup for cr_sda2
[DEPEND] Dependency failed for Local Encrypted Volumes
see screenshot initrd_crypt_prompt.png

journalctl shows
device-mapper: reload ioctl on  failed: No such file or directory 
device-mapper: 
table: 254:0 crypt: Error allocating crypto tfm

see screenshot journalctl.png
Comment 11 Dirk Weber 2021-04-04 12:19:18 UTC
Created attachment 847977 [details]
error message after entering the passphrase to let the kernel/initrd unlock the file system
Comment 12 Dirk Weber 2021-04-04 12:25:47 UTC
Created attachment 847978 [details]
error messages displayed by journalctl related to the failed unlocking

After being dropped to the rescue shell of the initrd and entering journalctl.
This picture is stitched together from several pictures due to the width exceeding the boot screen. But notice the blank in the line
"reload ioctl on  failed: No such file or directory"

It seems there is something missing between "on" and "failed".
Comment 13 Neil Rickert 2021-04-04 19:37:10 UTC
Hi, Dirk.

Yes, this does look like exactly the same problem.

Since you did an online upgrade, you should still have the kernel from Leap 15.2 installed.  Try choosing that from the boot menu, and your system should boot that way.  Similarly, if you install a newer kernel from the stable kernels repo, that should also boot.

It seems that some styles of LUKS encryption are supported by openSUSE kernels but not by SUSE kernels.  And now Leap 15.3 is using the SUSE kernels, instead on rebuilding them with openSUSE build time settings.
Comment 14 Dirk Weber 2021-04-04 20:24:57 UTC
Hi Neil,

yes, by selecting the kernel which is left from the 15.2 install the updated system can be booted.

This is what I tried to express.

The initrd of the 15.2 kernel has also been newly created during the upgrade to 15.3.
That booting the 15.2 kernel successfully with the initrd created for it by the initrd creation scripts of 15.3 indicates that it is not an issue of the initrd creation mechanism of 15.3 but really more related to the kernel itself.
Comment 15 Neil Rickert 2021-04-05 00:27:39 UTC
Yes, I agree.  It seems to be a kernel issue.
Comment 16 Dirk Weber 2021-04-18 14:28:13 UTC
Just for information:
after zypper dupping from Build117.13 ( 2021-03-31T01:36:10 ) to Build134.3 ( 2021-04-17T12:36:41 ) bringing kernel 
kernel-default-5.3.18-55.1.x86_64
the problem persists, the system can only be booted by selecting the remaining Leap 15.2 kernel in the grub menu.

Shall I open a separate bug for this?

I consider this a quite serious and even blocking problem for upgrades to 15.3.
Comment 17 Neil Rickert 2021-04-18 18:19:08 UTC
>Shall I open a separate bug for this?

There's no point in doing that.  It would only be closed as a duplicate of this bug.

I do agree with you that this is a serious bug.  Another crypto bug is reported as bug 1184419 and I consider that also a serious problem.

I have changed the severity to "critical" and added Lubos Kocman (release manager) to the CC: list for the bug.

I'm just a user.  As best I can tell, the way that openSUSE builds kernels (the defaults used) is different from the way that SUSE builds kernels.  And we are seeing that difference in these two bugs (and also in bug 1183056 although I consider that one to be less serious).  Presumably, one way to fix the problem would be to revert to the openSUSE defaults for kernels (and for "shim" to match the kernels).  Yes, in my opinion, these two crypto bugs should block release of 15.3 until they are fixed.
Comment 19 heming zhao 2021-04-19 15:12:21 UTC
I can reproduce c#0 issue in my env.
the install ISO is openSUSE-Leap-15.3-DVD-x86_64-Build91.1-Media.iso
and I can't reproduce this issue with openSUSE-Leap-15.3-DVD-x86_64-Build134.3-Media.iso.

So could you please try the latest leap 15.3 ISO.

--------------------------

my reproduction steps:

1. in kvm-qemu VM, the os is leap 15.2.
   use two 1G size qcow2 files as virt-disk. (sdc sdd)

the disk layout:
lp152-tst:~ # lsblk
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
vda         253:0    0   40G  0 disk
├─vda1      253:1    0    8M  0 part
├─vda2      253:2    0   38G  0 part  /
└─vda3      253:3    0    2G  0 part  [SWAP]
vdb         253:16   0   30G  0 disk
vdc         253:32   0    1G  0 disk
vdd         253:48   0    1G  0 disk

2. format vdc vdd

cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/vdc
cryptsetup -c aes-cbc-essiv:sha256 --hash sha1 luksFormat /dev/vdd

3. shutdown VM.

4. insert leap15.3 install ISO into VM, set up boot from cdrom, then power on.
Comment 20 heming zhao 2021-04-19 15:54:50 UTC
this bug is related bsc#1184134. (you may not have permission to see this bug).
but this bug had be fixed by latest 15.3 ISO/repo, please try it.
Comment 21 Dirk Weber 2021-04-19 16:46:33 UTC
(In reply to heming zhao from comment #19)
> I can reproduce c#0 issue in my env.
> the install ISO is openSUSE-Leap-15.3-DVD-x86_64-Build91.1-Media.iso
> and I can't reproduce this issue with
> openSUSE-Leap-15.3-DVD-x86_64-Build134.3-Media.iso.
> 
> So could you please try the latest leap 15.3 ISO.
> 
As described in comment 16 I did an upgrade of a system with LUKS encryption to the currently newest snapshot Build134.3.

With the kernel-default-5.3.18-55.1.x86_64 it is not possible to boot the upgraded system.

Only by selecting the 15.2 kernel, which is still left in the system, in grub it can be booted.

The LUKS settings of the system were the (yast) defaults when it was originally installed.

I think that it is now possible to create a LUKS device with specific options in Leap 15.2 and it is accessible in Leap 15.3 Beta is not the same as supporting the upgrade of existing systems.
Comment 22 heming zhao 2021-04-19 17:41:08 UTC
(In reply to Dirk Weber from comment #21)
> (In reply to heming zhao from comment #19)
> > I can reproduce c#0 issue in my env.
> > the install ISO is openSUSE-Leap-15.3-DVD-x86_64-Build91.1-Media.iso
> > and I can't reproduce this issue with
> > openSUSE-Leap-15.3-DVD-x86_64-Build134.3-Media.iso.
> > 
> > So could you please try the latest leap 15.3 ISO.
> > 
> As described in comment 16 I did an upgrade of a system with LUKS encryption
> to the currently newest snapshot Build134.3.
> 
> With the kernel-default-5.3.18-55.1.x86_64 it is not possible to boot the
> upgraded system.
> 
> Only by selecting the 15.2 kernel, which is still left in the system, in
> grub it can be booted.
> 
> The LUKS settings of the system were the (yast) defaults when it was
> originally installed.
> 
> I think that it is now possible to create a LUKS device with specific
> options in Leap 15.2 and it is accessible in Leap 15.3 Beta is not the same
> as supporting the upgrade of existing systems.

Sorry, I didn't notice on c#16 version info. 
It's very intesting between you and me test result.

Would you have time to execute below cmds?

(in leap 15.3)
```
cryptsetup luksDump  /dev/sda2  <== 15.3 issued dev
lsmod | grep crypt
lsmod | grep essiv
zcat /proc/config.gz | grep CONFIG_CRYPTO_ESSIV
modprobe essiv
cryptsetup luksOpen /dev/sda2 abcd
```
Comment 23 Dirk Weber 2021-04-19 18:26:41 UTC
(In reply to heming zhao from comment #22)
> (In reply to Dirk Weber from comment #21)
> > (In reply to heming zhao from comment #19)
> > > I can reproduce c#0 issue in my env.
> 
> Would you have time to execute below cmds?
> 
> (in leap 15.3)
> ```
> cryptsetup luksDump  /dev/sda2  <== 15.3 issued dev
> lsmod | grep crypt
> lsmod | grep essiv
> zcat /proc/config.gz | grep CONFIG_CRYPTO_ESSIV
> modprobe essiv
> cryptsetup luksOpen /dev/sda2 abcd
> ```

In 15.3 booted with the 15.2 kernel (because with the 15.3 kernel I can not get this far)

uname -r
5.3.18-lp152.66-default

cat /etc/os-release 
NAME="openSUSE Leap"
VERSION="15.3 Beta"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.3"
PRETTY_NAME="openSUSE Leap 15.3 Beta"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"


cryptsetup luksDump  /dev/sda2
LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 4096
MK bits:        256
MK digest:      xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
MK salt:        xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
                xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
MK iterations:  40375
UUID:           632d6471-2381-48b0-89bd-21d6e3f2e378

Key Slot 0: ENABLED
        Iterations:             161784
        Salt:                   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
                                xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             156951
        Salt:                   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
                                xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
        Key material offset:    264
        AF stripes:             4000

        
lsmod | grep crypt
dm_crypt               40960  1
crypto_simd            16384  1 aesni_intel
cryptd                 24576  3 crypto_simd,ghash_clmulni_intel
dm_mod                155648  12 dm_crypt,dm_multipath,dm_log,dm_mirror


lsmod | grep crypt
dm_crypt               40960  1
crypto_simd            16384  1 aesni_intel
cryptd                 24576  3 crypto_simd,ghash_clmulni_intel
dm_mod                155648  12 dm_crypt,dm_multipath,dm_log,dm_mirror


Note: this is the 15.2 kernel - there is no module essiv:
lsmod | grep essiv
<nothing>

also not in the kernel config of the running kernel:
zcat /proc/config.gz | grep CONFIG_CRYPTO_ESSIV
<nothing>

the only installed kernel which contains "ESSIV" is the newest 5.3.18-55 from 15.3
zgrep  CONFIG_CRYPTO_ESSIV config-5.3.18-*
config-5.3.18-55-default:CONFIG_CRYPTO_ESSIV=m

overview of all kernel-configs in /boot
ls -1 config-5.3.18-*
config-5.3.18-52-default
config-5.3.18-55-default
config-5.3.18-lp152.63-default
config-5.3.18-lp152.66-default

just to show that this is the 15.3 version:
rpm -qf /usr/sbin/cryptsetup
cryptsetup-2.3.4-1.29.x86_64


I skipped the 
modprobe essiv
as this 15.2 kernel does not have an essiv module

and I skipped this too becaus the LUKS is already open:
cryptsetup luksOpen /dev/sda2 abcd

Or should I try these at the emergency console after the timeout for the passphrase?
Comment 24 Dirk Weber 2021-04-19 18:38:36 UTC
booting 5.3.18-55-default, waiting for the timout to unlock the LUKS container at the emergency console:

lsmod shows that essiv is not loaded.

modprobe essiv fails
modprobe: FATAL: Module essiv not found in directory /lib/modules/5.3.18-55-default

Maybe it is just not included in the initrd because it did not exist in the 15.2 kernel?

I try to force including essiv in the initrd...
Comment 25 Dirk Weber 2021-04-19 19:09:01 UTC
in initrd of the 15.3 kernel 5.3.18-55 created by the "zypper dup" upgrade from the running system the module essiv is not included:
# lsinitrd initrd-5.3.18-55-default  |grep essiv
<nothing>

force the inclusion:

cat /etc/dracut.conf.d/50-essiv.conf 
force_drivers+="essiv"

create a new initrd:
# mkinitrd -k vmlinuz-5.3.18-55-default -i initrd-5.3.18-55-default

now essiv is there:
# lsinitrd initrd-5.3.18-55-default  |grep essiv
-rw-r--r--   1 root     root         5860 Apr 16 02:15 lib/modules/5.3.18-55-default/kernel/crypto/essiv.ko.xz

reboot with the default 15.3 kernel and the new initrd works and unlocks the LUKS container successfully:

The system is running with the 15.3 kernel:
uname -r
5.3.18-55-default


So Heming, you were right, the kernel 5.3.18-55 solves the problem, now it is only needed that the essiv module is included in the initrd automatically when it was not loaded in the 15.2 kernel.
Comment 26 Neil Rickert 2021-04-19 20:57:37 UTC
Responding to c#19

Yes, after updating, I am now able to unlock the encrypted partition (which had previously failed).

Note that my install is not to that partition, so I am opening it after successful booting.

Later this week, I will try starting an install on this system, just to check whether the installer can access the partition.
Comment 28 Takashi Iwai 2021-04-20 06:57:28 UTC
Oh this is a tricky one.  The lack of essiv module got fixed recently, but it's not included when initrd is created with dracut because the old system before upgrade didn't have / need the module yet.  Hmm.

Adding dracut people to Cc.  Maybe they have a good idea?
Comment 29 Michal Suchanek 2021-04-20 14:32:37 UTC
(In reply to Dirk Weber from comment #25)

> 
> cat /etc/dracut.conf.d/50-essiv.conf 
> force_drivers+="essiv"

Does the module get included if you instead do

echo "# SUSE INITRD: dm-crypt REQUIRES essiv" >> /etc/modprobe.d/00-system.conf
Comment 30 Dirk Weber 2021-04-20 16:56:05 UTC
(In reply to Michal Suchanek from comment #29)
> (In reply to Dirk Weber from comment #25)
> 
> > 
> > cat /etc/dracut.conf.d/50-essiv.conf 
> > force_drivers+="essiv"
> 
> Does the module get included if you instead do
> 
> echo "# SUSE INITRD: dm-crypt REQUIRES essiv" >>
> /etc/modprobe.d/00-system.conf

1) booted the Leap 15.2 kernel again so no essiv module exists.
uname -r
5.3.18-lp152.66-default
lsmod |grep essiv

removed /etc/dracut.conf.d/50-essiv.conf 

2) echo "# SUSE INITRD: dm-crypt REQUIRES essiv" >> /etc/modprobe.d/00-system.conf
tail /etc/modprobe.d/00-system.conf

# ata_piix can't handle ICH6 in AHCI mode
install ata_piix /sbin/modprobe ahci 2>&1 |:; /sbin/modprobe --ignore-install ata_piix

# QEMU/KVM can handle ACPI Hotplugging
alias dmi:bvnQEMU:bvrQEMU:* acpiphp

# end of x86_64 part for modprobe.conf

# SUSE INITRD: dm-crypt REQUIRES essiv

3) created the new initrd:
cd /boot
mkinitrd -k vmlinuz-5.3.18-55-default -i initrd-5.3.18-55-default

lsinitrd initrd-5.3.18-55-default  |grep essiv
<nothing>


Result: in this way the essiv module is not included in the initrd, and boot with it fails.
Comment 31 Takashi Iwai 2021-04-20 17:10:05 UTC
Then could you try to add the following line to /etc/modprobe.d/*.conf, instead?
  softdep dm-crypt pre: essiv
Comment 32 Dirk Weber 2021-04-20 17:38:51 UTC
(In reply to Takashi Iwai from comment #31)
> Then could you try to add the following line to /etc/modprobe.d/*.conf,
> instead?
>   softdep dm-crypt pre: essiv

1) boot with Leap 15.2 kernel without essiv

add softdep dm-crypt pre: essiv to /etc/modprobe.d/00-system.conf
remove "# SUSE INITRD: dm-crypt REQUIRES essiv"


tail /etc/modprobe.d/00-system.conf

# ata_piix can't handle ICH6 in AHCI mode
install ata_piix /sbin/modprobe ahci 2>&1 |:; /sbin/modprobe --ignore-install ata_piix

# QEMU/KVM can handle ACPI Hotplugging
alias dmi:bvnQEMU:bvrQEMU:* acpiphp

# end of x86_64 part for modprobe.conf

softdep dm-crypt pre: essiv


2) create new initrd:
mkinitrd -k vmlinuz-5.3.18-55-default -i initrd-5.3.18-55-default

it contains the essiv module
lsinitrd initrd-5.3.18-55-default  |grep essiv
-rw-r--r--   1 root     root         5860 Apr 16 02:15 lib/modules/5.3.18-55-default/kernel/crypto/essiv.ko.xz


3) reboot...
open LUKS successful,


uname -r
5.3.18-55-default


lsmod |grep essiv
essiv                  16384  1
authenc                16384  1 essiv


Yes, this works.
Comment 33 Michal Suchanek 2021-04-20 18:31:16 UTC
Thanks for testing.

Should be added in suse-module-tools then.
Comment 34 Martin Wilck 2021-04-22 17:31:16 UTC
OBS sr#887862 for factory
IBS sr#240047 for SUSE:SLE-15-SP3:GA
Comment 35 OBSbugzilla Bot 2021-04-22 18:00:03 UTC
This is an autogenerated message for OBS integration:
This bug (1183063) was mentioned in
https://build.opensuse.org/request/show/887862 Factory / suse-module-tools
Comment 37 Michal Suchanek 2021-04-28 11:10:17 UTC
Should be fixed now.
Comment 53 OBSbugzilla Bot 2021-05-10 22:10:47 UTC
This is an autogenerated message for OBS integration:
This bug (1183063) was mentioned in
https://build.opensuse.org/request/show/892132 15.2 / kernel-source
Comment 54 Swamp Workflow Management 2021-05-12 13:21:43 UTC
SUSE-SU-2021:1571-1: An update that solves two vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-36.2, kernel-rt_debug-5.3.18-36.2, kernel-source-rt-5.3.18-36.2, kernel-syms-rt-5.3.18-36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2021-05-12 13:34:26 UTC
SUSE-SU-2021:1572-1: An update that solves 6 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.56.1, kernel-source-azure-4.12.14-16.56.1, kernel-syms-azure-4.12.14-16.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2021-05-12 13:39:38 UTC
SUSE-SU-2021:1573-1: An update that solves 35 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1047233,1173485,1176720,1177411,1178181,1179454,1181032,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244,1185248
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1, kernel-zfcpdump-4.12.14-150.72.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.72.1, kernel-livepatch-SLE15_Update_24-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.72.1, kernel-docs-4.12.14-150.72.2, kernel-obs-build-4.12.14-150.72.1, kernel-source-4.12.14-150.72.1, kernel-syms-4.12.14-150.72.1, kernel-vanilla-4.12.14-150.72.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.72.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Swamp Workflow Management 2021-05-12 13:48:31 UTC
SUSE-SU-2021:1574-1: An update that solves two vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1156395,1167260,1168838,1174416,1174426,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184514,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.64.1, kernel-default-base-5.3.18-24.64.1.9.28.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.64.1, kernel-preempt-5.3.18-24.64.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.64.1, kernel-livepatch-SLE15-SP2_Update_13-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.64.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.64.2, kernel-obs-build-5.3.18-24.64.1, kernel-preempt-5.3.18-24.64.1, kernel-source-5.3.18-24.64.1, kernel-syms-5.3.18-24.64.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.64.1, kernel-default-base-5.3.18-24.64.1.9.28.1, kernel-preempt-5.3.18-24.64.1, kernel-source-5.3.18-24.64.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.64.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 58 Swamp Workflow Management 2021-05-12 19:18:28 UTC
openSUSE-SU-2021:0716-1: An update that solves two vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1156395,1167260,1168838,1174416,1174426,1178089,1179243,1179825,1179851,1180846,1181161,1182613,1182999,1183063,1183203,1183289,1184208,1184209,1184436,1184514,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587,1185606
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.75.1, kernel-default-5.3.18-lp152.75.1, kernel-default-base-5.3.18-lp152.75.1.lp152.8.32.1, kernel-docs-5.3.18-lp152.75.1, kernel-kvmsmall-5.3.18-lp152.75.1, kernel-obs-build-5.3.18-lp152.75.1, kernel-obs-qa-5.3.18-lp152.75.1, kernel-preempt-5.3.18-lp152.75.1, kernel-source-5.3.18-lp152.75.1, kernel-syms-5.3.18-lp152.75.1
Comment 59 Swamp Workflow Management 2021-05-13 16:19:45 UTC
SUSE-SU-2021:1595-1: An update that solves 7 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1183947,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650,CVE-2021-3444
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.71.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.71.1, kernel-obs-build-4.12.14-122.71.2
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.71.1, kernel-source-4.12.14-122.71.1, kernel-syms-4.12.14-122.71.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.71.1, kgraft-patch-SLE12-SP5_Update_18-1-8.5.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 60 Swamp Workflow Management 2021-05-13 16:26:19 UTC
SUSE-SU-2021:1596-1: An update that solves 35 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1040855,1044767,1047233,1065729,1094840,1152457,1171078,1173485,1175873,1176700,1176720,1176855,1177411,1177753,1178181,1179454,1181032,1181960,1182194,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183738,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244,1185248
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.74.1, kernel-source-4.12.14-95.74.1, kernel-syms-4.12.14-95.74.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.74.1, kgraft-patch-SLE12-SP4_Update_20-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 61 Swamp Workflow Management 2021-05-14 13:20:03 UTC
SUSE-SU-2021:1605-1: An update that solves 6 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1043990,1046303,1047233,1055117,1056787,1065729,1087405,1097583,1097584,1097585,1097586,1097587,1097588,1101816,1103990,1104353,1109837,1111981,1114648,1118657,1118661,1151794,1152457,1175306,1178089,1180624,1180846,1181062,1181161,1182613,1182672,1183063,1183203,1183289,1184170,1184194,1184208,1184209,1184211,1184350,1184388,1184509,1184512,1184514,1184647,1184650,1184724,1184731,1184736,1184737,1184738,1184742,1184760,1184942,1184952,1184957,1184984,1185041,1185113,1185195,1185197,1185244,1185269,1185335,1185365,1185472,1185491,1185549
CVE References: CVE-2020-36310,CVE-2020-36312,CVE-2020-36322,CVE-2021-28950,CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.43.1, kernel-rt_debug-4.12.14-10.43.1, kernel-source-rt-4.12.14-10.43.1, kernel-syms-rt-4.12.14-10.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Swamp Workflow Management 2021-05-17 19:17:17 UTC
SUSE-SU-2021:1622-1: An update that solves two vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.47.2, kernel-source-azure-5.3.18-18.47.2, kernel-syms-azure-5.3.18-18.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Swamp Workflow Management 2021-05-18 16:17:30 UTC
SUSE-SU-2021:1624-1: An update that solves 35 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1047233,1172455,1173485,1176720,1177411,1178181,1179454,1180197,1181960,1182011,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244
CVE References: CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2, kernel-zfcpdump-4.12.14-197.89.2
SUSE Manager Retail Branch Server 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Manager Proxy 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2, kernel-zfcpdump-4.12.14-197.89.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.89.2, kernel-livepatch-SLE15-SP1_Update_24-1-3.3.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.89.2
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-197.89.2, kernel-docs-4.12.14-197.89.3, kernel-obs-build-4.12.14-197.89.2, kernel-source-4.12.14-197.89.2, kernel-syms-4.12.14-197.89.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 65 Swamp Workflow Management 2021-06-09 16:21:24 UTC
SUSE-SU-2021:1915-1: An update that solves two vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-8.10.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-8.10.1, kernel-rt_debug-5.3.18-8.10.1, kernel-source-rt-5.3.18-8.10.1, kernel-syms-rt-5.3.18-8.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 67 Swamp Workflow Management 2021-06-16 19:48:10 UTC
openSUSE-SU-2021:0873-1: An update that solves two vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587
CVE References: CVE-2021-29155,CVE-2021-29650
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.11.1, kernel-rt_debug-5.3.18-lp152.3.11.1, kernel-source-rt-5.3.18-lp152.3.11.1, kernel-syms-rt-5.3.18-lp152.3.11.1