
   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0068-1
Rating:             important
References:         #1114648 #1124431 #1167162 #1169514 #1172073 
                    #1179599 #1183678 #1183897 #1184804 #1185727 
                    #1185762 #1187167 #1189126 #1189158 #1189305 
                    #1189841 #1190317 #1190358 #1190428 #1191229 
                    #1191384 #1191731 #1191876 #1192032 #1192145 
                    #1192267 #1192740 #1192845 #1192847 #1192866 
                    #1192877 #1192946 #1192974 #1193231 #1193306 
                    #1193318 #1193440 #1193442 #1193575 #1193731 
                    #1194087 #1194094 
Cross-References:   CVE-2018-25020 CVE-2019-15126 CVE-2020-27820
                    CVE-2021-0920 CVE-2021-0935 CVE-2021-28711
                    CVE-2021-28712 CVE-2021-28713 CVE-2021-28714
                    CVE-2021-28715 CVE-2021-33098 CVE-2021-4002
                    CVE-2021-43975 CVE-2021-43976 CVE-2021-45485
                    CVE-2021-45486
CVSS scores:
                    CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
                    CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 26 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated.

   The following security bugs were fixed:

   - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi
     chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
   - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet
     ixgbe driver due to improper input validation. (bsc#1192877)
   - CVE-2021-0935: Fixed out of bounds write due to a use after free which
     could lead to local escalation of privilege with System execution
     privileges needed in ip6_xmit. (bsc#1192032)
   - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel
     mishandled situations with a long jump over an instruction sequence
     where inner instructions require substantial expansions into multiple
     BPF instructions, leading to an overflow. (bsc#1193575)
   - CVE-2021-0920: Fixed a local privilege escalation due to an use after
     free bug in unix_gc. (bsc#1193731)
   - CVE-2021-45485: Fixed an information leak because of certain use of a
     hash table which use IPv6 source addresses. (bsc#1194094)
   - CVE-2021-45486: Fixed an information leak because the hash table is very
     small in net/ipv4/route.c. (bsc#1194087)
   - CVE-2021-28715: Fixed an issue where a guest could force Linux netback
     driver to hog large amounts of kernel memory by do not queueing
     unlimited number of packages. (bsc#1193442)
   - CVE-2021-28714: Fixed an issue where a guest could force Linux netback
     driver to hog large amounts of kernel memory by fixing rx queue stall
     detection. (bsc#1193442)
   - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests
     via high frequency events by hardening hvc_xen against event channel
     storms. (bsc#1193440)
   - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests
     via high frequency events by hardening netfront against event channel
     storms. (bsc#1193440)
   - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests
     via high frequency events by hardening blkfront against event channel
     storms. (bsc#1193440)
   - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could
     allow an attacker (who can introduce a crafted device) to trigger an
     out-of-bounds write via a crafted length value. (bsc#1192845)
   - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can
     connect a crafted USB device) to cause a denial of service. (bsc#1192847)
   - CVE-2021-4002: Added a missing TLB flush that could lead to leak or
     corruption of data in hugetlbfs. (bsc#1192946)
   - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in
     nouveau's postclose() handler could happen if removing device.
     (bsc#1179599)

   The following non-security bugs were fixed:

   - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
   - cifs: Add new mount parameter "acdirmax" to allow caching directory
     metadata (bsc#1190317).
   - cifs: Add new parameter "acregmax" for distinct file and directory
     metadata timeout (bsc#1190317).
   - cifs: convert list_for_each to entry variant (jsc#SLE-20656).
   - cifs: convert revalidate of directories to using directory metadata
     cache timeout (bsc#1190317).
   - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED
     (bsc#1190317).
   - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317).
   - cifs: Fix a potencially linear read overflow (git-fixes).
   - cifs: fix a sign extension bug (git-fixes).
   - cifs: fix incorrect check for null pointer in header_assemble
     (bsc#1190317).
   - cifs: fix memory leak of smb3_fs_context_dup::server_hostname
     (bsc#1190317).
   - cifs: fix missed refcounting of ipc tcon (git-fixes).
   - cifs: fix potential use-after-free bugs (jsc#SLE-20656).
   - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656).
   - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317).
   - cifs: for compound requests, use open handle if possible (bsc#1190317).
   - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
   - cifs: move to generic async completion (bsc#1190317).
   - cifs: nosharesock should be set on new server (git-fixes).
   - cifs: nosharesock should not share socket with future sessions
     (bsc#1190317).
   - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
   - cifs: properly invalidate cached root handle when closing it
     (bsc#1190317).
   - cifs: release lock earlier in dequeue_mid error case (bsc#1190317).
   - cifs: set a minimum of 120s for next dns resolution (bsc#1190317).
   - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317).
   - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
   - cifs: support nested dfs links over reconnect (jsc#SLE-20656).
   - cifs: support share failover when remounting (jsc#SLE-20656).
   - cifs: To match file servers, make sure the server hostname matches
     (bsc#1190317).
   - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for
     production, only enabled on ppc64.
   - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm
     feature which is available only on recent ARMv8.1 CPUs. This should
     prevent scheduling the kernel on an older slower builder.
   - cred: allow get_cred() and put_cred() to be given NULL (git-fixes).
   - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
   - elfcore: correct reference to CONFIG_UML (git-fixes).
   - elfcore: fix building with clang (bsc#1169514).
   - fuse: release pipe buf after last use (bsc#1193318).
   - genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
   - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
   - genirq: Remove mask argument from setup_affinity() (bsc#1193231).
   - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231).
   - genirq: Split out irq_startup() code (bsc#1193231).
   - lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
   - md: fix a lock order reversal in md_alloc (git-fixes).
   - net: hso: fix control-request directions (git-fixes).
   - net: hso: fix muxed tty registration (git-fixes).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Allow setting the number of queues while the NIC is down
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779,
     bsc#1185727).
   - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port()
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
   - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
   - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779,
     bsc#1185727).
   - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
   - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no
     IRQ is available (git-fixes).
   - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
   - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues
     (bsc#1183678).
   - nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
   - objtool: Support Clang non-section symbols in ORC generation
     (bsc#1169514).
   - platform/x86: hp_accel: Fix an error handling path in
     'lis3lv02d_probe()' (git-fixes).
   - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
   - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
     (git-fixes).
   - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     (git-fixes).
   - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
     (git-fixes).
   - scsi: core: Put LLD module refcnt after SCSI device is released
     (git-fixes).
   - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
   - scsi: lpfc: Add additional debugfs support for CMF (bsc1192145).
   - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145).
   - scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145).
   - scsi: lpfc: Change return code on I/Os received during link bounce
     (bsc1192145).
   - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
     (bsc1192145).
   - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145).
   - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited
     LOGO (bsc#1189126).
   - scsi: lpfc: Fix NPIV port deletion crash (bsc1192145).
   - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
     (bsc1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145).
   - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
   - scsi: qla2xxx: edif: Fix app start delay (git-fixes).
   - scsi: qla2xxx: edif: Fix app start fail (git-fixes).
   - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
   - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo()
     (git-fixes).
   - scsi: qla2xxx: edif: Flush stale events and msgs on session down
     (git-fixes).
   - scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
   - scsi: qla2xxx: Fix gnl list corruption (git-fixes).
   - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
     (git-fixes).
   - scsi: qla2xxx: Format log strings only if needed (git-fixes).
   - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
   - smb3: add additional null check in SMB2_ioctl (bsc#1190317).
   - smb3: add additional null check in SMB2_open (bsc#1190317).
   - smb3: add additional null check in SMB2_tcon (bsc#1190317).
   - smb3: correct server pointer dereferencing check to be more consistent
     (bsc#1190317).
   - smb3: correct smb3 ACL security descriptor (bsc#1190317).
   - smb3: do not error on fsync when readonly (bsc#1190317).
   - smb3: remove trivial dfs compile warning (jsc#SLE-20656).
   - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876
     bsc#1192866).
   - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876
     bsc#1192866).
   - tracing: Check pid filtering when creating events (git-fixes).
   - tracing: Fix pid filtering when triggers are attached (git-fixes).
   - tty: hvc: replace BUG_ON() with negative return value (git-fixes).
   - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
   - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
   - usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
   - usb: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - usb: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
   - usb: serial: qcserial: add EM9191 QDL support (git-fixes).
   - x86/msi: Force affinity setup before startup (bsc#1193231).
   - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648).
   - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648).
   - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648).
   - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
   - xen: sync include/xen/interface/io/ring.h with Xen's newest version
     (git-fixes).
   - xen/blkfront: do not take local copy of a request from the ring page
     (git-fixes).
   - xen/blkfront: do not trust the backend response data blindly (git-fixes).
   - xen/blkfront: read response from backend only once (git-fixes).
   - xen/netfront: disentangle tx_skb_freelist (git-fixes).
   - xen/netfront: do not read data from request on the ring page (git-fixes).
   - xen/netfront: do not trust the backend response data blindly (git-fixes).
   - xen/netfront: read response from backend only once (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-68=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-68=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-68=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-68=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-68=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-extra-4.12.14-122.106.1
      kernel-default-extra-debuginfo-4.12.14-122.106.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.106.1
      kernel-obs-build-debugsource-4.12.14-122.106.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.106.1
      kernel-default-base-4.12.14-122.106.1
      kernel-default-base-debuginfo-4.12.14-122.106.1
      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-devel-4.12.14-122.106.1
      kernel-syms-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.106.1
      kernel-macros-4.12.14-122.106.1
      kernel-source-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.106.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-kgraft-4.12.14-122.106.1
      kernel-default-kgraft-devel-4.12.14-122.106.1
      kgraft-patch-4_12_14-122_106-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.106.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.106.1
      dlm-kmp-default-4.12.14-122.106.1
      dlm-kmp-default-debuginfo-4.12.14-122.106.1
      gfs2-kmp-default-4.12.14-122.106.1
      gfs2-kmp-default-debuginfo-4.12.14-122.106.1
      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      ocfs2-kmp-default-4.12.14-122.106.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.106.1


References:

   https://www.suse.com/security/cve/CVE-2018-25020.html
   https://www.suse.com/security/cve/CVE-2019-15126.html
   https://www.suse.com/security/cve/CVE-2020-27820.html
   https://www.suse.com/security/cve/CVE-2021-0920.html
   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-28711.html
   https://www.suse.com/security/cve/CVE-2021-28712.html
   https://www.suse.com/security/cve/CVE-2021-28713.html
   https://www.suse.com/security/cve/CVE-2021-28714.html
   https://www.suse.com/security/cve/CVE-2021-28715.html
   https://www.suse.com/security/cve/CVE-2021-33098.html
   https://www.suse.com/security/cve/CVE-2021-4002.html
   https://www.suse.com/security/cve/CVE-2021-43975.html
   https://www.suse.com/security/cve/CVE-2021-43976.html
   https://www.suse.com/security/cve/CVE-2021-45485.html
   https://www.suse.com/security/cve/CVE-2021-45486.html
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1124431
   https://bugzilla.suse.com/1167162
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1179599
   https://bugzilla.suse.com/1183678
   https://bugzilla.suse.com/1183897
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185727
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1189126
   https://bugzilla.suse.com/1189158
   https://bugzilla.suse.com/1189305
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190317
   https://bugzilla.suse.com/1190358
   https://bugzilla.suse.com/1190428
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191876
   https://bugzilla.suse.com/1192032
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192740
   https://bugzilla.suse.com/1192845
   https://bugzilla.suse.com/1192847
   https://bugzilla.suse.com/1192866
   https://bugzilla.suse.com/1192877
   https://bugzilla.suse.com/1192946
   https://bugzilla.suse.com/1192974
   https://bugzilla.suse.com/1193231
   https://bugzilla.suse.com/1193306
   https://bugzilla.suse.com/1193318
   https://bugzilla.suse.com/1193440
   https://bugzilla.suse.com/1193442
   https://bugzilla.suse.com/1193575
   https://bugzilla.suse.com/1193731
   https://bugzilla.suse.com/1194087
   https://bugzilla.suse.com/1194094

SUSE: 2022:0068-1 important: the Linux Kernel

January 13, 2022

An update that solves 16 vulnerabilities and has 26 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032) - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. (bsc#1193731) - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) The following non-security bugs were fixed: - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1190317). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1190317). - cifs: convert list_for_each to entry variant (jsc#SLE-20656). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1190317). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317). - cifs: Fix a potencially linear read overflow (git-fixes). - cifs: fix a sign extension bug (git-fixes). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: fix missed refcounting of ipc tcon (git-fixes). - cifs: fix potential use-after-free bugs (jsc#SLE-20656). - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317). - cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656). - cifs: move to generic async completion (bsc#1190317). - cifs: nosharesock should be set on new server (git-fixes). - cifs: nosharesock should not share socket with future sessions (bsc#1190317). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317). - cifs: properly invalidate cached root handle when closing it (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - cifs: set a minimum of 120s for next dns resolution (bsc#1190317). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317). - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656). - cifs: support nested dfs links over reconnect (jsc#SLE-20656). - cifs: support share failover when remounting (jsc#SLE-20656). - cifs: To match file servers, make sure the server hostname matches (bsc#1190317). - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - cred: allow get_cred() and put_cred() to be given NULL (git-fixes). - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - fuse: release pipe buf after last use (bsc#1193318). - genirq: Move initial affinity setup to irq_startup() (bsc#1193231). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231). - genirq: Remove mask argument from setup_affinity() (bsc#1193231). - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231). - genirq: Split out irq_startup() code (bsc#1193231). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185727). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc1192145). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc1192145). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317). - smb3: correct smb3 ACL security descriptor (bsc#1190317). - smb3: do not error on fsync when readonly (bsc#1190317). - smb3: remove trivial dfs compile warning (jsc#SLE-20656). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add prod. id for Quectel EG91 (git-fixes). - usb: serial: option: add Quectel EC200S-CN module support (git-fixes). - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: serial: qcserial: add EM9191 QDL support (git-fixes). - x86/msi: Force affinity setup before startup (bsc#1193231). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes).

References

#1114648 #1124431 #1167162 #1169514 #1172073

#1179599 #1183678 #1183897 #1184804 #1185727

#1185762 #1187167 #1189126 #1189158 #1189305

#1189841 #1190317 #1190358 #1190428 #1191229

#1191384 #1191731 #1191876 #1192032 #1192145

#1192267 #1192740 #1192845 #1192847 #1192866

#1192877 #1192946 #1192974 #1193231 #1193306

#1193318 #1193440 #1193442 #1193575 #1193731

#1194087 #1194094

Cross- CVE-2018-25020 CVE-2019-15126 CVE-2020-27820

CVE-2021-0920 CVE-2021-0935 CVE-2021-28711

CVE-2021-28712 CVE-2021-28713 CVE-2021-28714

CVE-2021-28715 CVE-2021-33098 CVE-2021-4002

CVE-2021-43975 CVE-2021-43976 CVE-2021-45485

CVE-2021-45486

CVSS scores:

CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

https://www.suse.com/security/cve/CVE-2018-25020.html

https://www.suse.com/security/cve/CVE-2019-15126.html

https://www.suse.com/security/cve/CVE-2020-27820.html

https://www.suse.com/security/cve/CVE-2021-0920.html

https://www.suse.com/security/cve/CVE-2021-0935.html

https://www.suse.com/security/cve/CVE-2021-28711.html

https://www.suse.com/security/cve/CVE-2021-28712.html

https://www.suse.com/security/cve/CVE-2021-28713.html

https://www.suse.com/security/cve/CVE-2021-28714.html

https://www.suse.com/security/cve/CVE-2021-28715.html

https://www.suse.com/security/cve/CVE-2021-33098.html

https://www.suse.com/security/cve/CVE-2021-4002.html

https://www.suse.com/security/cve/CVE-2021-43975.html

https://www.suse.com/security/cve/CVE-2021-43976.html

https://www.suse.com/security/cve/CVE-2021-45485.html

https://www.suse.com/security/cve/CVE-2021-45486.html

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1124431

https://bugzilla.suse.com/1167162

https://bugzilla.suse.com/1169514

https://bugzilla.suse.com/1172073

https://bugzilla.suse.com/1179599

https://bugzilla.suse.com/1183678

https://bugzilla.suse.com/1183897

https://bugzilla.suse.com/1184804

https://bugzilla.suse.com/1185727

https://bugzilla.suse.com/1185762

https://bugzilla.suse.com/1187167

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1189158

https://bugzilla.suse.com/1189305

https://bugzilla.suse.com/1189841

https://bugzilla.suse.com/1190317

https://bugzilla.suse.com/1190358

https://bugzilla.suse.com/1190428

https://bugzilla.suse.com/1191229

https://bugzilla.suse.com/1191384

https://bugzilla.suse.com/1191731

https://bugzilla.suse.com/1191876

https://bugzilla.suse.com/1192032

https://bugzilla.suse.com/1192145

https://bugzilla.suse.com/1192267

https://bugzilla.suse.com/1192740

https://bugzilla.suse.com/1192845

https://bugzilla.suse.com/1192847

https://bugzilla.suse.com/1192866

https://bugzilla.suse.com/1192877

https://bugzilla.suse.com/1192946

https://bugzilla.suse.com/1192974

https://bugzilla.suse.com/1193231

https://bugzilla.suse.com/1193306

https://bugzilla.suse.com/1193318

https://bugzilla.suse.com/1193440

https://bugzilla.suse.com/1193442

https://bugzilla.suse.com/1193575

https://bugzilla.suse.com/1193731

https://bugzilla.suse.com/1194087

https://bugzilla.suse.com/1194094

Severity

Announcement ID: SUSE-SU-2022:0068-1

Rating: important

What Are You Looking For?

SUSE: 2022:0068-1 important: the Linux Kernel

Summary

References

Security Highlights from KubeCon + CloudNativeCon 2023

Kubernetes Security on AWS: A Practical Guide

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

Scanning and Defending Networks with Nmap

CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

What Are You Looking For?

SUSE: 2022:0068-1 important: the Linux Kernel

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By