SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0759-1
Rating:             important
References:         #1189126 #1191580 #1192483 #1194516 #1195254 
                    #1195286 #1195516 #1195543 #1195612 #1195701 
                    #1195897 #1195905 #1195908 #1195947 #1195949 
                    #1195987 #1195995 #1196079 #1196095 #1196132 
                    #1196155 #1196235 #1196584 #1196601 #1196612 
                    #1196776 SLE-23652 
Cross-References:   CVE-2021-44879 CVE-2022-0001 CVE-2022-0002
                    CVE-2022-0487 CVE-2022-0492 CVE-2022-0516
                    CVE-2022-0617 CVE-2022-0644 CVE-2022-0847
                    CVE-2022-24448 CVE-2022-24958 CVE-2022-24959
                    CVE-2022-25258 CVE-2022-25375
CVSS scores:
                    CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Micro 5.0
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Realtime Extension 15-SP2
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Storage 7
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves 14 vulnerabilities, contains one
   feature and has 12 fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
   security and bugfixes.


   Transient execution side-channel attacks attacking the Branch History
   Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
   History Injection" are now mitigated.

   The following security bugs were fixed:

   - CVE-2022-0001: Fixed Branch History Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0847: Fixed a vulnerability were a local attackers could
     overwrite data in arbitrary (read-only) files (bsc#1196584).
   - CVE-2022-0617: Fixed a null pointer dereference in UDF file system
     functionality. A local user could crash the system by triggering
     udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
   - CVE-2022-0644: Fixed a denial of service by a local user. A assertion
     failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
   - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were
     not considered, which lead to a move_data_page NULL pointer dereference
     (bsc#1195987).
   - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in
     drivers/net/hamradio/yam.c (bsc#1195897).
   - CVE-2022-0487: A use-after-free vulnerability was found in
     rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c
     (bsc#1194516).
   - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
     release_agent feature, which allowed bypassing namespace isolation
     unexpectedly (bsc#1195543).
   - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets
     the O_DIRECTORY flag, and tries to open a regular file,
     nfs_atomic_open() performs a regular lookup. If a regular file is found,
     ENOTDIR should have occured, but the server instead returned
     uninitialized data in the file descriptor (bsc#1195612).
   - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
     RNDIS_MSG_SET command. Attackers can obtain sensitive information from
     kernel memory (bsc#1196235).
   - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390
     allows kernel memory read/write (bsc#1195516).
   - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of
     interface OS descriptor requests, which could have lead to memory
     corruption (bsc#1196096).
   - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf
     release (bsc#1195905).

   The following non-security bugs were fixed:

   - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
   - gve: Add RX context (jsc#SLE-23652).
   - gve: Add a jumbo-frame device option (jsc#SLE-23652).
   - gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
   - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652).
   - gve: Correct order of processing device options (jsc#SLE-23652).
   - gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
   - gve: Implement packet continuation for RX (jsc#SLE-23652).
   - gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
   - gve: Move the irq db indexes out of the ntfy block struct
     (jsc#SLE-23652).
   - gve: Recording rx queue before sending to napi (jsc#SLE-23652).
   - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
   - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
   - gve: fix for null pointer dereference (jsc#SLE-23652).
   - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652).
   - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
   - gve: remove memory barrier around seqno (jsc#SLE-23652).
   - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
   - net: tipc: validate domain record count on input (bsc#1195254).
   - nfsd: allow delegation state ids to be revoked and then freed
     (bsc#1192483).
   - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
   - nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
   - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
   - nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
   - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
     persistent memory" (bsc#1195995 ltc#196394).
   - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
   - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-759=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-759=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-759=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-759=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-759=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-759=1

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-759=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-759=1

   - SUSE Linux Enterprise Micro 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-759=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-759=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-759=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-759=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-759=1



Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Manager Server 4.1 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Manager Server 4.1 (x86_64):

      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Manager Proxy 4.1 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Manager Proxy 4.1 (x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):

      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-livepatch-5.3.18-24.107.1
      kernel-default-livepatch-devel-5.3.18-24.107.1
      kernel-livepatch-5_3_18-24_107-default-1-5.5.1
      kernel-livepatch-5_3_18-24_107-default-debuginfo-1-5.5.1
      kernel-livepatch-SLE15-SP2_Update_25-debugsource-1-5.5.1

   - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-24.107.1
      cluster-md-kmp-default-debuginfo-5.3.18-24.107.1
      dlm-kmp-default-5.3.18-24.107.1
      dlm-kmp-default-debuginfo-5.3.18-24.107.1
      gfs2-kmp-default-5.3.18-24.107.1
      gfs2-kmp-default-debuginfo-5.3.18-24.107.1
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      ocfs2-kmp-default-5.3.18-24.107.1
      ocfs2-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      kernel-default-5.3.18-24.107.1
      kernel-default-base-5.3.18-24.107.1.9.50.2
      kernel-default-debuginfo-5.3.18-24.107.1
      kernel-default-debugsource-5.3.18-24.107.1
      kernel-default-devel-5.3.18-24.107.1
      kernel-default-devel-debuginfo-5.3.18-24.107.1
      kernel-obs-build-5.3.18-24.107.1
      kernel-obs-build-debugsource-5.3.18-24.107.1
      kernel-preempt-5.3.18-24.107.1
      kernel-preempt-debuginfo-5.3.18-24.107.1
      kernel-preempt-debugsource-5.3.18-24.107.1
      kernel-preempt-devel-5.3.18-24.107.1
      kernel-preempt-devel-debuginfo-5.3.18-24.107.1
      kernel-syms-5.3.18-24.107.1
      reiserfs-kmp-default-5.3.18-24.107.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.107.1

   - SUSE Enterprise Storage 7 (noarch):

      kernel-devel-5.3.18-24.107.1
      kernel-docs-5.3.18-24.107.1
      kernel-macros-5.3.18-24.107.1
      kernel-source-5.3.18-24.107.1


References:

   https://www.suse.com/security/cve/CVE-2021-44879.html
   https://www.suse.com/security/cve/CVE-2022-0001.html
   https://www.suse.com/security/cve/CVE-2022-0002.html
   https://www.suse.com/security/cve/CVE-2022-0487.html
   https://www.suse.com/security/cve/CVE-2022-0492.html
   https://www.suse.com/security/cve/CVE-2022-0516.html
   https://www.suse.com/security/cve/CVE-2022-0617.html
   https://www.suse.com/security/cve/CVE-2022-0644.html
   https://www.suse.com/security/cve/CVE-2022-0847.html
   https://www.suse.com/security/cve/CVE-2022-24448.html
   https://www.suse.com/security/cve/CVE-2022-24958.html
   https://www.suse.com/security/cve/CVE-2022-24959.html
   https://www.suse.com/security/cve/CVE-2022-25258.html
   https://www.suse.com/security/cve/CVE-2022-25375.html
   https://bugzilla.suse.com/1189126
   https://bugzilla.suse.com/1191580
   https://bugzilla.suse.com/1192483
   https://bugzilla.suse.com/1194516
   https://bugzilla.suse.com/1195254
   https://bugzilla.suse.com/1195286
   https://bugzilla.suse.com/1195516
   https://bugzilla.suse.com/1195543
   https://bugzilla.suse.com/1195612
   https://bugzilla.suse.com/1195701
   https://bugzilla.suse.com/1195897
   https://bugzilla.suse.com/1195905
   https://bugzilla.suse.com/1195908
   https://bugzilla.suse.com/1195947
   https://bugzilla.suse.com/1195949
   https://bugzilla.suse.com/1195987
   https://bugzilla.suse.com/1195995
   https://bugzilla.suse.com/1196079
   https://bugzilla.suse.com/1196095
   https://bugzilla.suse.com/1196132
   https://bugzilla.suse.com/1196155
   https://bugzilla.suse.com/1196235
   https://bugzilla.suse.com/1196584
   https://bugzilla.suse.com/1196601
   https://bugzilla.suse.com/1196612
   https://bugzilla.suse.com/1196776

SUSE: 2022:0759-1 important: the Linux Kernel

March 8, 2022
An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - gve: Add RX context (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). - gve: Correct order of processing device options (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - net: tipc: validate domain record count on input (bsc#1195254). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).

References

#1189126 #1191580 #1192483 #1194516 #1195254

#1195286 #1195516 #1195543 #1195612 #1195701

#1195897 #1195905 #1195908 #1195947 #1195949

#1195987 #1195995 #1196079 #1196095 #1196132

#1196155 #1196235 #1196584 #1196601 #1196612

#1196776 SLE-23652

Cross- CVE-2021-44879 CVE-2022-0001 CVE-2022-0002

CVE-2022-0487 CVE-2022-0492 CVE-2022-0516

CVE-2022-0617 CVE-2022-0644 CVE-2022-0847

CVE-2022-24448 CVE-2022-24958 CVE-2022-24959

CVE-2022-25258 CVE-2022-25375

CVSS scores:

CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Availability 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS

SUSE Linux Enterprise Micro 5.0

SUSE Linux Enterprise Module for Live Patching 15-SP2

SUSE Linux Enterprise Realtime Extension 15-SP2

SUSE Linux Enterprise Server 15-SP2

SUSE Linux Enterprise Server 15-SP2-BCL

SUSE Linux Enterprise Server 15-SP2-LTSS

SUSE Linux Enterprise Server for SAP 15-SP2

SUSE Linux Enterprise Server for SAP Applications 15-SP2

SUSE Linux Enterprise Storage 7

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

https://www.suse.com/security/cve/CVE-2021-44879.html

https://www.suse.com/security/cve/CVE-2022-0001.html

https://www.suse.com/security/cve/CVE-2022-0002.html

https://www.suse.com/security/cve/CVE-2022-0487.html

https://www.suse.com/security/cve/CVE-2022-0492.html

https://www.suse.com/security/cve/CVE-2022-0516.html

https://www.suse.com/security/cve/CVE-2022-0617.html

https://www.suse.com/security/cve/CVE-2022-0644.html

https://www.suse.com/security/cve/CVE-2022-0847.html

https://www.suse.com/security/cve/CVE-2022-24448.html

https://www.suse.com/security/cve/CVE-2022-24958.html

https://www.suse.com/security/cve/CVE-2022-24959.html

https://www.suse.com/security/cve/CVE-2022-25258.html

https://www.suse.com/security/cve/CVE-2022-25375.html

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1191580

https://bugzilla.suse.com/1192483

https://bugzilla.suse.com/1194516

https://bugzilla.suse.com/1195254

https://bugzilla.suse.com/1195286

https://bugzilla.suse.com/1195516

https://bugzilla.suse.com/1195543

https://bugzilla.suse.com/1195612

https://bugzilla.suse.com/1195701

https://bugzilla.suse.com/1195897

https://bugzilla.suse.com/1195905

https://bugzilla.suse.com/1195908

https://bugzilla.suse.com/1195947

https://bugzilla.suse.com/1195949

https://bugzilla.suse.com/1195987

https://bugzilla.suse.com/1195995

https://bugzilla.suse.com/1196079

https://bugzilla.suse.com/1196095

https://bugzilla.suse.com/1196132

https://bugzilla.suse.com/1196155

https://bugzilla.suse.com/1196235

https://bugzilla.suse.com/1196584

https://bugzilla.suse.com/1196601

https://bugzilla.suse.com/1196612

https://bugzilla.suse.com/1196776

Severity
Announcement ID: SUSE-SU-2022:0759-1
Rating: important

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved