SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0363-1
Rating:             critical
References:         #1154353 #1154488 #1160634 #1176447 #1177599 
                    #1183405 #1185377 #1187428 #1187723 #1188605 
                    #1191881 #1193096 #1193506 #1193767 #1193802 
                    #1193861 #1193864 #1193867 #1194048 #1194227 
                    #1194291 #1194880 #1195009 #1195062 #1195065 
                    #1195073 #1195183 #1195184 #1195254 #1195267 
                    #1195293 #1195371 
Cross-References:   CVE-2020-28097 CVE-2021-22600 CVE-2021-39648
                    CVE-2021-39657 CVE-2021-39685 CVE-2021-4159
                    CVE-2021-44733 CVE-2021-45095 CVE-2022-0286
                    CVE-2022-0330 CVE-2022-0435 CVE-2022-22942
                   
CVSS scores:
                    CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-4159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 20 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that
     validate domain record count on input (bsc#1195254).
   - CVE-2022-0330: Fixed flush TLBs before releasing backing store
     (bsc#1194880).
   - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa()
     that may have lead to local denial of service (bnc#1195371).
   - CVE-2022-22942: Fixed stale file descriptors on failed usercopy
     (bsc#1195065).
   - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
     net/phonet/pep.c (bnc#1193867).
   - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c
     in the TEE subsystem, that could have occured because of a race
     condition in tee_shm_get_from_id during an attempt to free a shared
     memory object (bnc#1193767).
   - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check
     in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local
     information disclosure with System execution privileges needed
     (bnc#1193864).
   - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a
     race condition in gadget_dev_desc_UDC_show of configfs.c. This could
     lead to local information disclosure with System execution privileges
     needed. User interaction is not needed for exploitation (bnc#1193861).
   - CVE-2021-22600: Fixed double free bug in packet_set_ring() in
     net/packet/af_packet.c that could have been exploited by a local user
     through crafted syscalls to escalate privileges or deny service
     (bnc#1195184).
   - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that
     mishandled software scrollback (bnc#1187723).
   - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in
     coerce_reg_to_size (bsc#1194227).


   The following security references were added to already fixed issues:

   - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large
     endpoint 0 requests (bsc#1193802).


   The following non-security bugs were fixed:

   - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes).
   - ACPICA: Executer: Fix the REFCLASS_REFOF case in
     acpi_ex_opcode_1A_0T_1R() (git-fixes).
   - ACPICA: Fix wrong interpretation of PCC address (git-fixes).
   - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
     (git-fixes).
   - ACPICA: Utilities: Avoid deleting the same object twice in a row
     (git-fixes).
   - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
   - ALSA: seq: Set upper limit of processed events (git-fixes).
   - ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
   - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
   - Documentation: fix firewire.rst ABI file path error (git-fixes).
   - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
   - HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
   - HID: uhid: Fix worker destroying device without any protection
     (git-fixes).
   - HID: wacom: Reset expected and received contact counts at the same time
     (git-fixes).
   - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
     (git-fixes).
   - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
   - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
   - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
     (git-fixes).
   - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
   - asix: fix wrong return value in asix_check_host_enable() (git-fixes).
   - ata: pata_platform: Fix a NULL pointer dereference in
     __pata_platform_probe() (git-fixes).
   - ath10k: Fix tx hanging (git-fixes).
   - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
   - batman-adv: allow netlink usage in unprivileged containers (git-fixes).
   - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
     (bsc#1195009).
   - btrfs: tree-checker: annotate all error branches as unlikely
     (bsc#1195009).
   - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
     improperly (bsc#1195009).
   - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
   - clk: si5341: Fix clock HW provider cleanup (git-fixes).
   - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
   - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
   - drm/bridge: megachips: Ensure both bridges are probed before
     registration (git-fixes).
   - drm/etnaviv: limit submit sizes (git-fixes).
   - drm/etnaviv: relax submit size limits (git-fixes).
   - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
     (git-fixes).
   - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
   - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
   - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
     (git-fixes).
   - drm/msm: Fix wrong size calculation (git-fixes).
   - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
   - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
     (git-fixes).
   - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).
   - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
     (git-fixes).
   - ext4: set csum seed in tmp inode while migrating to extents
     (bsc#1195267).
   - floppy: Add max size check for user space request (git-fixes).
   - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
   - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
     (git-fixes).
   - hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
   - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
   - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
   - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
   - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
   - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
   - i2c: designware-pci: Fix to change data types of hcnt and lcnt
     parameters (git-fixes).
   - i2c: i801: Do not silently correct invalid transfer size (git-fixes).
   - i2c: mpc: Correct I2C reset procedure (git-fixes).
   - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
   - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
   - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
   - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
   - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
   - ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
   - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
   - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
   - iwlwifi: mvm: Fix calculation of frame length (git-fixes).
   - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
   - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
   - iwlwifi: remove module loading failure message (git-fixes).
   - lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
   - lightnvm: Remove lightnvm implemenation (bsc#1191881).
   - mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
   - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
   - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
     (git-fixes).
   - media: igorplugusb: receiver overflow should be reported (git-fixes).
   - media: m920x: do not use stack on USB reads (git-fixes).
   - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
     hexium_attach() (git-fixes).
   - media: saa7146: hexium_orion: Fix a NULL pointer dereference in
     hexium_attach() (git-fixes).
   - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
     (git-fixes).
   - mlxsw: Only advertise link modes supported by both driver and device
     (bsc#1154488).
   - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
   - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
   - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
     (git-fixes).
   - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
     (git-fixes).
   - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
   - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
   - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering
     (jsc#SLE-8464).
   - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
   - net/mlx5e: Protect encap route dev from concurrent release
     (jsc#SLE-8464).
   - net: allow retransmitting a TCP packet if original is still in queue
     (bsc#1188605 bsc#1187428).
   - net: bonding: fix bond_xmit_broadcast return value error bug
     (bsc#1176447).
   - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
   - net: bridge: vlan: fix single net device option dumping (bsc#1176447).
   - net: mana: Add RX fencing (bsc#1193506).
   - net: mana: Add XDP support (bsc#1193506).
   - net: sch_generic: aviod concurrent reset and enqueue op for lockless
     qdisc (bsc#1183405).
   - net: sched: add barrier to ensure correct ordering for lockless qdisc
     (bsc#1183405).
   - net: sched: avoid unnecessary seqcount operation for lockless qdisc
     (bsc#1183405).
   - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
   - net: sched: fix tx action reschedule issue with stopped queue
     (bsc#1183405).
   - net: sched: fix tx action rescheduling issue during deactivation
     (bsc#1183405).
   - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
     (bsc#1183405).
   - net: sfp: fix high power modules without diagnostic monitoring
     (bsc#1154353).
   - netdevsim: set .owner to THIS_MODULE (bsc#1154353).
   - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
     bind() (git-fixes).
   - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
   - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
     (git-fixes).
   - phylib: fix potential use-after-free (git-fixes).
   - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
   - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
   - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs
     entry (bsc#1195183 ltc#193865).
   - regulator: qcom_smd: Align probe function with rpmh-regulator
     (git-fixes).
   - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
   - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes
     (sched/fair)).
   - sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
   - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
   - serial: 8250: of: Fix mapped region size when using reg-offset property
     (git-fixes).
   - serial: Fix incorrect rs485 polarity on uart open (git-fixes).
   - serial: amba-pl011: do not request memory region twice (git-fixes).
   - serial: core: Keep mctrl register state and cached copy in sync
     (git-fixes).
   - serial: pl010: Drop CR register reset on set_termios (git-fixes).
   - serial: stm32: fix software flow control transfer (git-fixes).
   - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
   - tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
   - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
   - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
   - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
   - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
     (git-fixes).
   - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
     (git-fixes).
   - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
   - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
   - usb: uhci: add aspeed ast2600 uhci support (git-fixes).
   - vfio/iommu_type1: replace kfree with kvfree (git-fixes).
   - video: hyperv_fb: Fix validation of screen resolution (git-fixes).
   - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
   - workqueue: Fix unbind_workers() VS wq_worker_running() race
     (bsc#1195062).
   - x86/gpu: Reserve stolen memory for first integrated Intel GPU
     (git-fixes).
   - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-363=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      kernel-devel-azure-5.3.18-150300.38.40.4
      kernel-source-azure-5.3.18-150300.38.40.4

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      kernel-azure-5.3.18-150300.38.40.4
      kernel-azure-debuginfo-5.3.18-150300.38.40.4
      kernel-azure-debugsource-5.3.18-150300.38.40.4
      kernel-azure-devel-5.3.18-150300.38.40.4
      kernel-azure-devel-debuginfo-5.3.18-150300.38.40.4
      kernel-syms-azure-5.3.18-150300.38.40.1


References:

   https://www.suse.com/security/cve/CVE-2020-28097.html
   https://www.suse.com/security/cve/CVE-2021-22600.html
   https://www.suse.com/security/cve/CVE-2021-39648.html
   https://www.suse.com/security/cve/CVE-2021-39657.html
   https://www.suse.com/security/cve/CVE-2021-39685.html
   https://www.suse.com/security/cve/CVE-2021-4159.html
   https://www.suse.com/security/cve/CVE-2021-44733.html
   https://www.suse.com/security/cve/CVE-2021-45095.html
   https://www.suse.com/security/cve/CVE-2022-0286.html
   https://www.suse.com/security/cve/CVE-2022-0330.html
   https://www.suse.com/security/cve/CVE-2022-0435.html
   https://www.suse.com/security/cve/CVE-2022-22942.html
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1154488
   https://bugzilla.suse.com/1160634
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1177599
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1187428
   https://bugzilla.suse.com/1187723
   https://bugzilla.suse.com/1188605
   https://bugzilla.suse.com/1191881
   https://bugzilla.suse.com/1193096
   https://bugzilla.suse.com/1193506
   https://bugzilla.suse.com/1193767
   https://bugzilla.suse.com/1193802
   https://bugzilla.suse.com/1193861
   https://bugzilla.suse.com/1193864
   https://bugzilla.suse.com/1193867
   https://bugzilla.suse.com/1194048
   https://bugzilla.suse.com/1194227
   https://bugzilla.suse.com/1194291
   https://bugzilla.suse.com/1194880
   https://bugzilla.suse.com/1195009
   https://bugzilla.suse.com/1195062
   https://bugzilla.suse.com/1195065
   https://bugzilla.suse.com/1195073
   https://bugzilla.suse.com/1195183
   https://bugzilla.suse.com/1195184
   https://bugzilla.suse.com/1195254
   https://bugzilla.suse.com/1195267
   https://bugzilla.suse.com/1195293
   https://bugzilla.suse.com/1195371

SUSE: 2022:0363-1 critical: the Linux Kernel

February 10, 2022
An update that solves 12 vulnerabilities and has 20 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). The following security references were added to already fixed issues: - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).

References

#1154353 #1154488 #1160634 #1176447 #1177599

#1183405 #1185377 #1187428 #1187723 #1188605

#1191881 #1193096 #1193506 #1193767 #1193802

#1193861 #1193864 #1193867 #1194048 #1194227

#1194291 #1194880 #1195009 #1195062 #1195065

#1195073 #1195183 #1195184 #1195254 #1195267

#1195293 #1195371

Cross- CVE-2020-28097 CVE-2021-22600 CVE-2021-39648

CVE-2021-39657 CVE-2021-39685 CVE-2021-4159

CVE-2021-44733 CVE-2021-45095 CVE-2022-0286

CVE-2022-0330 CVE-2022-0435 CVE-2022-22942

CVSS scores:

CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Module for Public Cloud 15-SP3

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Manager Proxy 4.2

SUSE Manager Server 4.2

https://www.suse.com/security/cve/CVE-2020-28097.html

https://www.suse.com/security/cve/CVE-2021-22600.html

https://www.suse.com/security/cve/CVE-2021-39648.html

https://www.suse.com/security/cve/CVE-2021-39657.html

https://www.suse.com/security/cve/CVE-2021-39685.html

https://www.suse.com/security/cve/CVE-2021-4159.html

https://www.suse.com/security/cve/CVE-2021-44733.html

https://www.suse.com/security/cve/CVE-2021-45095.html

https://www.suse.com/security/cve/CVE-2022-0286.html

https://www.suse.com/security/cve/CVE-2022-0330.html

https://www.suse.com/security/cve/CVE-2022-0435.html

https://www.suse.com/security/cve/CVE-2022-22942.html

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1154488

https://bugzilla.suse.com/1160634

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1177599

https://bugzilla.suse.com/1183405

https://bugzilla.suse.com/1185377

https://bugzilla.suse.com/1187428

https://bugzilla.suse.com/1187723

https://bugzilla.suse.com/1188605

https://bugzilla.suse.com/1191881

https://bugzilla.suse.com/1193096

https://bugzilla.suse.com/1193506

https://bugzilla.suse.com/1193767

https://bugzilla.suse.com/1193802

https://bugzilla.suse.com/1193861

https://bugzilla.suse.com/1193864

https://bugzilla.suse.com/1193867

https://bugzilla.suse.com/1194048

https://bugzilla.suse.com/1194227

https://bugzilla.suse.com/1194291

https://bugzilla.suse.com/1194880

https://bugzilla.suse.com/1195009

https://bugzilla.suse.com/1195062

https://bugzilla.suse.com/1195065

https://bugzilla.suse.com/1195073

https://bugzilla.suse.com/1195183

https://bugzilla.suse.com/1195184

https://bugzilla.suse.com/1195254

https://bugzilla.suse.com/1195267

https://bugzilla.suse.com/1195293

https://bugzilla.suse.com/1195371

Severity
Announcement ID: SUSE-SU-2022:0363-1
Rating: critical

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved