SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0068-1
Rating:             important
References:         #1114648 #1124431 #1167162 #1169514 #1172073 
                    #1179599 #1183678 #1183897 #1184804 #1185727 
                    #1185762 #1187167 #1189126 #1189158 #1189305 
                    #1189841 #1190317 #1190358 #1190428 #1191229 
                    #1191384 #1191731 #1191876 #1192032 #1192145 
                    #1192267 #1192740 #1192845 #1192847 #1192866 
                    #1192877 #1192946 #1192974 #1193231 #1193306 
                    #1193318 #1193440 #1193442 #1193575 #1193731 
                    #1194087 #1194094 
Cross-References:   CVE-2018-25020 CVE-2019-15126 CVE-2020-27820
                    CVE-2021-0920 CVE-2021-0935 CVE-2021-28711
                    CVE-2021-28712 CVE-2021-28713 CVE-2021-28714
                    CVE-2021-28715 CVE-2021-33098 CVE-2021-4002
                    CVE-2021-43975 CVE-2021-43976 CVE-2021-45485
                    CVE-2021-45486
CVSS scores:
                    CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
                    CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 26 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated.

   The following security bugs were fixed:

   - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi
     chips, used in the RPi family of devices, aka "Kr00k". (bsc#1167162)
   - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet
     ixgbe driver due to improper input validation. (bsc#1192877)
   - CVE-2021-0935: Fixed an out-of-bounds write in ip6_xmit due to a use
     after free, which could lead to local escalation of privilege with
     System execution privileges needed. (bsc#1192032)
   - CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux
     kernel mishandled situations with a long jump over an instruction
     sequence where inner instructions require substantial expansions into
     multiple BPF instructions, leading to an overflow. (bsc#1193575)
   - CVE-2021-0920: Fixed a local privilege escalation due to a
     use-after-free bug in unix_gc. (bsc#1193731)
   - CVE-2021-45485: Fixed an information leak because of certain use of a
     hash table which uses IPv6 source addresses. (bsc#1194094)
   - CVE-2021-45486: Fixed an information leak because the hash table is very
     small in net/ipv4/route.c. (bsc#1194087)
   - CVE-2021-28715: Fixed an issue where a guest could force the Linux
     netback driver to hog large amounts of kernel memory, by no longer
     queueing an unlimited number of packets. (bsc#1193442)
   - CVE-2021-28714: Fixed an issue where a guest could force Linux netback
     driver to hog large amounts of kernel memory by fixing rx queue stall
     detection. (bsc#1193442)
   - CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of
     guests via high frequency events, by hardening hvc_xen against event
     channel storms. (bsc#1193440)
   - CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of
     guests via high frequency events, by hardening netfront against event
     channel storms. (bsc#1193440)
   - CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of
     guests via high frequency events, by hardening blkfront against event
     channel storms. (bsc#1193440)
   - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could
     allow an attacker (who can introduce a crafted device) to trigger an
     out-of-bounds write via a crafted length value. (bsc#1192845)
   - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can
     connect a crafted USB device) to cause a denial of service. (bsc#1192847)
   - CVE-2021-4002: Added a missing TLB flush that could lead to leak or
     corruption of data in hugetlbfs. (bsc#1192946)
   - CVE-2020-27820: Fixed a vulnerability where use-after-frees in
     nouveau's postclose() handler could happen when removing the device.
     (bsc#1179599)

   The following non-security bugs were fixed:

   - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
   - cifs: Add new mount parameter "acdirmax" to allow caching directory
     metadata (bsc#1190317).
   - cifs: Add new parameter "acregmax" for distinct file and directory
     metadata timeout (bsc#1190317).
   - cifs: convert list_for_each to entry variant (jsc#SLE-20656).
   - cifs: convert revalidate of directories to using directory metadata
     cache timeout (bsc#1190317).
   - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED
     (bsc#1190317).
   - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317).
   - cifs: Fix a potencially linear read overflow (git-fixes).
   - cifs: fix a sign extension bug (git-fixes).
   - cifs: fix incorrect check for null pointer in header_assemble
     (bsc#1190317).
   - cifs: fix memory leak of smb3_fs_context_dup::server_hostname
     (bsc#1190317).
   - cifs: fix missed refcounting of ipc tcon (git-fixes).
   - cifs: fix potential use-after-free bugs (jsc#SLE-20656).
   - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656).
   - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317).
   - cifs: for compound requests, use open handle if possible (bsc#1190317).
   - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
   - cifs: move to generic async completion (bsc#1190317).
   - cifs: nosharesock should be set on new server (git-fixes).
   - cifs: nosharesock should not share socket with future sessions
     (bsc#1190317).
   - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
   - cifs: properly invalidate cached root handle when closing it
     (bsc#1190317).
   - cifs: release lock earlier in dequeue_mid error case (bsc#1190317).
   - cifs: set a minimum of 120s for next dns resolution (bsc#1190317).
   - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317).
   - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
   - cifs: support nested dfs links over reconnect (jsc#SLE-20656).
   - cifs: support share failover when remounting (jsc#SLE-20656).
   - cifs: To match file servers, make sure the server hostname matches
     (bsc#1190317).
   - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for
     production, only enabled on ppc64.
   - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm
     feature which is available only on recent ARMv8.1 CPUs. This should
     prevent scheduling the kernel on an older slower builder.
   - cred: allow get_cred() and put_cred() to be given NULL (git-fixes).
   - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
   - elfcore: correct reference to CONFIG_UML (git-fixes).
   - elfcore: fix building with clang (bsc#1169514).
   - fuse: release pipe buf after last use (bsc#1193318).
   - genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
   - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
   - genirq: Remove mask argument from setup_affinity() (bsc#1193231).
   - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231).
   - genirq: Split out irq_startup() code (bsc#1193231).
   - lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
   - md: fix a lock order reversal in md_alloc (git-fixes).
   - net: hso: fix control-request directions (git-fixes).
   - net: hso: fix muxed tty registration (git-fixes).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Allow setting the number of queues while the NIC is down
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779,
     bsc#1185727).
   - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port()
     (jsc#SLE-18779, bsc#1185727).
   - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
   - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
   - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779,
     bsc#1185727).
   - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
   - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no
     IRQ is available (git-fixes).
   - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
   - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues
     (bsc#1183678).
   - nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
   - objtool: Support Clang non-section symbols in ORC generation
     (bsc#1169514).
   - platform/x86: hp_accel: Fix an error handling path in
     'lis3lv02d_probe()' (git-fixes).
   - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
   - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
     (git-fixes).
   - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     (git-fixes).
   - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
     (git-fixes).
   - scsi: core: Put LLD module refcnt after SCSI device is released
     (git-fixes).
   - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
   - scsi: lpfc: Add additional debugfs support for CMF (bsc#1192145).
   - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1192145).
   - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1192145).
   - scsi: lpfc: Change return code on I/Os received during link bounce
     (bsc#1192145).
   - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
     (bsc#1192145).
   - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1192145).
   - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited
     LOGO (bsc#1189126).
   - scsi: lpfc: Fix NPIV port deletion crash (bsc#1192145).
   - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
     (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1192145).
   - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
   - scsi: qla2xxx: edif: Fix app start delay (git-fixes).
   - scsi: qla2xxx: edif: Fix app start fail (git-fixes).
   - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
   - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo()
     (git-fixes).
   - scsi: qla2xxx: edif: Flush stale events and msgs on session down
     (git-fixes).
   - scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
   - scsi: qla2xxx: Fix gnl list corruption (git-fixes).
   - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
     (git-fixes).
   - scsi: qla2xxx: Format log strings only if needed (git-fixes).
   - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
   - smb3: add additional null check in SMB2_ioctl (bsc#1190317).
   - smb3: add additional null check in SMB2_open (bsc#1190317).
   - smb3: add additional null check in SMB2_tcon (bsc#1190317).
   - smb3: correct server pointer dereferencing check to be more consistent
     (bsc#1190317).
   - smb3: correct smb3 ACL security descriptor (bsc#1190317).
   - smb3: do not error on fsync when readonly (bsc#1190317).
   - smb3: remove trivial dfs compile warning (jsc#SLE-20656).
   - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876
     bsc#1192866).
   - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876
     bsc#1192866).
   - tracing: Check pid filtering when creating events (git-fixes).
   - tracing: Fix pid filtering when triggers are attached (git-fixes).
   - tty: hvc: replace BUG_ON() with negative return value (git-fixes).
   - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
   - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
   - usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
   - usb: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - usb: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
   - usb: serial: qcserial: add EM9191 QDL support (git-fixes).
   - x86/msi: Force affinity setup before startup (bsc#1193231).
   - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648).
   - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648).
   - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648).
   - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
   - xen: sync include/xen/interface/io/ring.h with Xen's newest version
     (git-fixes).
   - xen/blkfront: do not take local copy of a request from the ring page
     (git-fixes).
   - xen/blkfront: do not trust the backend response data blindly (git-fixes).
   - xen/blkfront: read response from backend only once (git-fixes).
   - xen/netfront: disentangle tx_skb_freelist (git-fixes).
   - xen/netfront: do not read data from request on the ring page (git-fixes).
   - xen/netfront: do not trust the backend response data blindly (git-fixes).
   - xen/netfront: read response from backend only once (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-68=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-68=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-68=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-68=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-68=1
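
   A post-install check for the steps above, added here as an example (it is
   not part of the SUSE announcement): it tells apart a host that runs the
   fixed kernel, one that has the package installed but still needs the
   reboot, and one that is unpatched. The fixed version comes from the
   Package List; the function names, the sample releases below it, and the
   mapping from package version to "uname -r" string are assumptions.

```shell
#!/bin/sh
# Fixed kernel-default package version, taken from this advisory's Package List.
FIXED_PKG_VERSION="4.12.14-122.106.1"

# Assumption: "uname -r" on SLE 12 is the package version without its last
# dot-separated build counter, followed by a flavor suffix such as "-default"
# (compare the kgraft-patch-4_12_14-122_106-default package name in this advisory).
pkg_to_release() {
    printf '%s\n' "${1%.*}"
}

# Remove the trailing flavor ("-default") from a "uname -r" string.
strip_flavor() {
    printf '%s\n' "$1" | sed 's/-[a-z][a-z0-9_]*$//'
}

# True when version $1 is greater than or equal to version $2 (GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING_RELEASE [NEWEST_INSTALLED_PKG_VERSION]
# Prints: fixed | reboot-pending | vulnerable
kernel_status() {
    running=$(strip_flavor "$1")
    if version_ge "$running" "$(pkg_to_release "$FIXED_PKG_VERSION")"; then
        echo fixed
    elif [ -n "${2:-}" ] && version_ge "$2" "$FIXED_PKG_VERSION"; then
        # Package is on disk, but the old kernel is still the one running.
        echo reboot-pending
    else
        echo vulnerable
    fi
}

# For use on a real SLE 12 SP5 host: several kernel-default versions can be
# installed side by side, so compare against the newest one.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default 2>/dev/null) || installed=""
    installed=$(printf '%s\n' "$installed" | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$installed"
}

# Constructed samples: "running-release newest-installed-package-version".
# The 122.103 values are made up to stand for an older kernel.
for sample in "4.12.14-122.106-default 4.12.14-122.106.1" \
              "4.12.14-122.103-default 4.12.14-122.106.1" \
              "4.12.14-122.103-default 4.12.14-122.103.1"; do
    set -- $sample
    printf '%-26s %-20s %s\n' "$1" "$2" "$(kernel_status "$1" "$2")"
done
```

   On a patched host, call check_host after the reboot; the result is only
   meaningful on SUSE Linux Enterprise 12 SP5, where these version strings
   apply.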



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-extra-4.12.14-122.106.1
      kernel-default-extra-debuginfo-4.12.14-122.106.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.106.1
      kernel-obs-build-debugsource-4.12.14-122.106.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.106.1
      kernel-default-base-4.12.14-122.106.1
      kernel-default-base-debuginfo-4.12.14-122.106.1
      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-devel-4.12.14-122.106.1
      kernel-syms-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.106.1
      kernel-macros-4.12.14-122.106.1
      kernel-source-4.12.14-122.106.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.106.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      kernel-default-kgraft-4.12.14-122.106.1
      kernel-default-kgraft-devel-4.12.14-122.106.1
      kgraft-patch-4_12_14-122_106-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.106.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.106.1
      dlm-kmp-default-4.12.14-122.106.1
      dlm-kmp-default-debuginfo-4.12.14-122.106.1
      gfs2-kmp-default-4.12.14-122.106.1
      gfs2-kmp-default-debuginfo-4.12.14-122.106.1
      kernel-default-debuginfo-4.12.14-122.106.1
      kernel-default-debugsource-4.12.14-122.106.1
      ocfs2-kmp-default-4.12.14-122.106.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.106.1


References:

   https://www.suse.com/security/cve/CVE-2018-25020.html
   https://www.suse.com/security/cve/CVE-2019-15126.html
   https://www.suse.com/security/cve/CVE-2020-27820.html
   https://www.suse.com/security/cve/CVE-2021-0920.html
   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-28711.html
   https://www.suse.com/security/cve/CVE-2021-28712.html
   https://www.suse.com/security/cve/CVE-2021-28713.html
   https://www.suse.com/security/cve/CVE-2021-28714.html
   https://www.suse.com/security/cve/CVE-2021-28715.html
   https://www.suse.com/security/cve/CVE-2021-33098.html
   https://www.suse.com/security/cve/CVE-2021-4002.html
   https://www.suse.com/security/cve/CVE-2021-43975.html
   https://www.suse.com/security/cve/CVE-2021-43976.html
   https://www.suse.com/security/cve/CVE-2021-45485.html
   https://www.suse.com/security/cve/CVE-2021-45486.html
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1124431
   https://bugzilla.suse.com/1167162
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1179599
   https://bugzilla.suse.com/1183678
   https://bugzilla.suse.com/1183897
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185727
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1189126
   https://bugzilla.suse.com/1189158
   https://bugzilla.suse.com/1189305
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190317
   https://bugzilla.suse.com/1190358
   https://bugzilla.suse.com/1190428
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191876
   https://bugzilla.suse.com/1192032
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192740
   https://bugzilla.suse.com/1192845
   https://bugzilla.suse.com/1192847
   https://bugzilla.suse.com/1192866
   https://bugzilla.suse.com/1192877
   https://bugzilla.suse.com/1192946
   https://bugzilla.suse.com/1192974
   https://bugzilla.suse.com/1193231
   https://bugzilla.suse.com/1193306
   https://bugzilla.suse.com/1193318
   https://bugzilla.suse.com/1193440
   https://bugzilla.suse.com/1193442
   https://bugzilla.suse.com/1193575
   https://bugzilla.suse.com/1193731
   https://bugzilla.suse.com/1194087
   https://bugzilla.suse.com/1194094