SUSE Security Update: Security update for the Linux RT Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0544-1
Rating:             critical
References:         #1177599 #1183405 #1185377 #1187428 #1188605 
                    #1193096 #1193506 #1193861 #1193864 #1193867 
                    #1194048 #1194227 #1194880 #1195009 #1195065 
                    #1195184 #1195254 
Cross-References:   CVE-2021-22600 CVE-2021-39648 CVE-2021-39657
                    CVE-2021-45095 CVE-2022-0330 CVE-2022-22942
                   
CVSS scores:
                    CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Micro 5.0
                    SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 11 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that
     validate domain record count on input (bsc#1195254).
   - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
     net/phonet/pep.c (bnc#1193867).
   - CVE-2022-22942: Fixed stale file descriptors on failed usercopy
     (bsc#1195065).
   - CVE-2021-22600: Fixed double free bug in packet_set_ring() in
     net/packet/af_packet.c that could have been exploited by a local user
     through crafted syscalls to escalate privileges or deny service
     (bnc#1195184).
   - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check
     in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local
     information disclosure with System execution privileges needed
     (bnc#1193864).
   - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a
     race condition in gadget_dev_desc_UDC_show of configfs.c. This could
     lead to local information disclosure with System execution privileges
     needed. User interaction is not needed for exploitation (bnc#1193861).
   - CVE-2022-0330: Fixed flush TLBs before releasing backing store
     (bsc#1194880).


   The following non-security bugs were fixed:

   - bpf: Verifer, adjust_scalar_min_max_vals to always call
     update_reg_bounds() (bsc#1194227).
   - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
     (bsc#1195009).
   - btrfs: tree-checker: annotate all error branches as unlikely
     (bsc#1195009).
   - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
     improperly (bsc#1195009).
   - hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
   - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
   - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
   - net: allow retransmitting a TCP packet if original is still in queue
     (bsc#1188605 bsc#1187428).
   - net: mana: Add RX fencing (bsc#1193506).
   - net: mana: Add XDP support (bsc#1193506).
   - net: sch_generic: aviod concurrent reset and enqueue op for lockless
     qdisc (bsc#1183405).
   - net: sched: add barrier to ensure correct ordering for lockless qdisc
     (bsc#1183405).
   - net: sched: avoid unnecessary seqcount operation for lockless qdisc
     (bsc#1183405).
   - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
   - net: sched: fix tx action reschedule issue with stopped queue
     (bsc#1183405).
   - net: sched: fix tx action rescheduling issue during deactivation
     (bsc#1183405).
   - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
     (bsc#1183405).
   - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
   - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
   - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
   - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
   - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-544=1

   - SUSE Linux Enterprise Micro 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-544=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-73.1
      cluster-md-kmp-rt-debuginfo-5.3.18-73.1
      dlm-kmp-rt-5.3.18-73.1
      dlm-kmp-rt-debuginfo-5.3.18-73.1
      gfs2-kmp-rt-5.3.18-73.1
      gfs2-kmp-rt-debuginfo-5.3.18-73.1
      kernel-rt-5.3.18-73.1
      kernel-rt-debuginfo-5.3.18-73.1
      kernel-rt-debugsource-5.3.18-73.1
      kernel-rt-devel-5.3.18-73.1
      kernel-rt-devel-debuginfo-5.3.18-73.1
      kernel-rt_debug-5.3.18-73.1
      kernel-rt_debug-debuginfo-5.3.18-73.1
      kernel-rt_debug-debugsource-5.3.18-73.1
      kernel-rt_debug-devel-5.3.18-73.1
      kernel-rt_debug-devel-debuginfo-5.3.18-73.1
      kernel-syms-rt-5.3.18-73.1
      ocfs2-kmp-rt-5.3.18-73.1
      ocfs2-kmp-rt-debuginfo-5.3.18-73.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-73.1
      kernel-source-rt-5.3.18-73.1

   - SUSE Linux Enterprise Micro 5.0 (x86_64):

      kernel-rt-5.3.18-73.1
      kernel-rt-debuginfo-5.3.18-73.1
      kernel-rt-debugsource-5.3.18-73.1


References:

   https://www.suse.com/security/cve/CVE-2021-22600.html
   https://www.suse.com/security/cve/CVE-2021-39648.html
   https://www.suse.com/security/cve/CVE-2021-39657.html
   https://www.suse.com/security/cve/CVE-2021-45095.html
   https://www.suse.com/security/cve/CVE-2022-0330.html
   https://www.suse.com/security/cve/CVE-2022-22942.html
   https://bugzilla.suse.com/1177599
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1187428
   https://bugzilla.suse.com/1188605
   https://bugzilla.suse.com/1193096
   https://bugzilla.suse.com/1193506
   https://bugzilla.suse.com/1193861
   https://bugzilla.suse.com/1193864
   https://bugzilla.suse.com/1193867
   https://bugzilla.suse.com/1194048
   https://bugzilla.suse.com/1194227
   https://bugzilla.suse.com/1194880
   https://bugzilla.suse.com/1195009
   https://bugzilla.suse.com/1195065
   https://bugzilla.suse.com/1195184
   https://bugzilla.suse.com/1195254

SUSE: 2022:0544-1 critical: the Linux RT Kernel

February 21, 2022
An update that solves 6 vulnerabilities and has 11 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).

References

#1177599 #1183405 #1185377 #1187428 #1188605

#1193096 #1193506 #1193861 #1193864 #1193867

#1194048 #1194227 #1194880 #1195009 #1195065

#1195184 #1195254

Cross- CVE-2021-22600 CVE-2021-39648 CVE-2021-39657

CVE-2021-45095 CVE-2022-0330 CVE-2022-22942

CVSS scores:

CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Micro 5.0

SUSE Linux Enterprise Module for Realtime 15-SP2

https://www.suse.com/security/cve/CVE-2021-22600.html

https://www.suse.com/security/cve/CVE-2021-39648.html

https://www.suse.com/security/cve/CVE-2021-39657.html

https://www.suse.com/security/cve/CVE-2021-45095.html

https://www.suse.com/security/cve/CVE-2022-0330.html

https://www.suse.com/security/cve/CVE-2022-22942.html

https://bugzilla.suse.com/1177599

https://bugzilla.suse.com/1183405

https://bugzilla.suse.com/1185377

https://bugzilla.suse.com/1187428

https://bugzilla.suse.com/1188605

https://bugzilla.suse.com/1193096

https://bugzilla.suse.com/1193506

https://bugzilla.suse.com/1193861

https://bugzilla.suse.com/1193864

https://bugzilla.suse.com/1193867

https://bugzilla.suse.com/1194048

https://bugzilla.suse.com/1194227

https://bugzilla.suse.com/1194880

https://bugzilla.suse.com/1195009

https://bugzilla.suse.com/1195065

https://bugzilla.suse.com/1195184

https://bugzilla.suse.com/1195254

Severity
Announcement ID: SUSE-SU-2022:0544-1
Rating: critical

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved