SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0763-1
Rating:             important
References:         #1089644 #1154353 #1157038 #1157923 #1176447 
                    #1176940 #1178134 #1181147 #1181588 #1183872 
                    #1187716 #1188404 #1189126 #1190812 #1190972 
                    #1191580 #1191655 #1191741 #1192210 #1192483 
                    #1193096 #1193233 #1193243 #1193787 #1194163 
                    #1194967 #1195012 #1195081 #1195286 #1195352 
                    #1195378 #1195506 #1195668 #1195701 #1195798 
                    #1195799 #1195823 #1195928 #1195957 #1195995 
                    #1196195 #1196235 #1196339 #1196400 #1196516 
                    #1196584 SLE-20807 SLE-22135 SLE-22494 
Cross-References:   CVE-2022-0001 CVE-2022-0002 CVE-2022-25375
                   
CVSS scores:
                    CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities, contains three
   features and has 43 fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
   security and bugfixes.


   Transient execution side-channel attacks attacking the Branch History
   Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
   History Injection" are now mitigated.

   The following security bugs were fixed:

   - CVE-2022-0001: Fixed Branch History Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
     (bsc#1191580).
   - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
     RNDIS_MSG_SET command. Attackers can obtain sensitive information from
     kernel memory (bnc#1196235 ).

   The following non-security bugs were fixed:

   - ACPI/IORT: Check node revision for PMCG resources (git-fixes).
   - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570
     ALC1220 quirks (git-fixes).
   - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
   - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
     reboot from Windows (git-fixes).
   - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master
     (newer chipset) (git-fixes).
   - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
   - ALSA: hda: Fix regression on forced probe mask option (git-fixes).
   - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes).
   - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
     (git-fixes).
   - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
     (git-fixes).
   - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
     (git-fixes).
   - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
     (git-fixes).
   - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
     (git-fixes).
   - Align s390 NVME target options with other architectures (bsc#1188404,
     jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y
     CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m
     CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m
     CONFIG_NVME_TARGET_TCP=m
   - EDAC/xgene: Fix deferred probing (bsc#1178134).
   - HID:Add support for UGTABLET WP5540 (git-fixes).
   - IB/cma: Do not send IGMP leaves for sendonly Multicast groups
     (git-fixes).
   - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
   - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
   - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
   - PM: hibernate: Remove register_nosave_region_late() (git-fixes).
   - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
   - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
   - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
   - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
     (git-fixes).
   - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
   - USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
   - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
     (git-fixes).
   - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
   - USB: serial: option: add ZTE MF286D modem (git-fixes).
   - ata: libata-core: Disable TRIM on M88V29 (git-fixes).
   - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
   - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
   - blk-mq: avoid to iterate over stale request (bsc#1193787).
   - blk-mq: clear stale request in tags->rq before freeing one request pool
     (bsc#1193787).
   - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
   - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787
     git-fixes).
   - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
   - blk-mq: fix kernel panic during iterating over flush request
     (bsc#1193787 git-fixes).
   - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
     (bsc#1193787).
   - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
   - blk-tag: Hide spin_lock (bsc#1193787).
   - block: avoid double io accounting for flush request (bsc#1193787).
   - block: do not send a rezise udev event for hidden block device
     (bsc#1193096).
   - block: mark flush request as IDLE when it is really finished
     (bsc#1193787).
   - bonding: pair enable_port with slave_arr_updates (git-fixes).
   - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
   - btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
   - btrfs: do not do preemptive flushing if the majority is global rsv
     (bsc#1196195).
   - btrfs: do not include the global rsv size in the preemptive used amount
     (bsc#1196195).
   - btrfs: handle preemptive delalloc flushing slightly differently
     (bsc#1196195).
   - btrfs: make sure SB_I_VERSION does not get unset by remount
     (bsc#1192210).
   - btrfs: only clamp the first time we have to start flushing (bsc#1196195).
   - btrfs: only ignore delalloc if delalloc is much smaller than ordered
     (bsc#1196195).
   - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
   - btrfs: take into account global rsv in need_preemptive_reclaim
     (bsc#1196195).
   - btrfs: use the global rsv size in the preemptive thresh calculation
     (bsc#1196195).
   - ceph: properly put ceph_string reference after async create attempt
     (bsc#1195798).
   - ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
   - drm/amdgpu: fix logic inversion in check (git-fixes).
   - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
   - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
   - drm/i915/opregion: check port number bounds for SWSCI display power
     state (git-fixes).
   - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
   - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
     (git-fixes).
   - drm/panel: simple: Assign data from panel_dpi_probe() correctly
     (git-fixes).
   - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
   - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
     (git-fixes).
   - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
   - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
   - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
     (git-fixes).
   - ext4: check for inconsistent extents between index and leaf block
     (bsc#1194163 bsc#1196339).
   - ext4: check for out-of-order index extents in
     ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
   - ext4: prevent partial update of the extent blocks (bsc#1194163
     bsc#1196339).
   - gve: Add RX context (bsc#1191655).
   - gve: Add a jumbo-frame device option (bsc#1191655).
   - gve: Add consumed counts to ethtool stats (bsc#1191655).
   - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
   - gve: Correct order of processing device options (bsc#1191655).
   - gve: Fix GFP flags when allocing pages (git-fixes).
   - gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
   - gve: Implement packet continuation for RX (bsc#1191655).
   - gve: Implement suspend/resume/shutdown (bsc#1191655).
   - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
   - gve: Recording rx queue before sending to napi (bsc#1191655).
   - gve: Recover from queue stall due to missed IRQ (bsc#1191655).
   - gve: Update gve_free_queue_page_list signature (bsc#1191655).
   - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
   - gve: fix for null pointer dereference (bsc#1191655).
   - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
   - gve: fix unmatched u64_stats_update_end() (bsc#1191655).
   - gve: remove memory barrier around seqno (bsc#1191655).
   - i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
   - i40e: Fix for failed to init adminq while VF reset (git-fixes).
   - i40e: Fix issue when maximum queues is exceeded (git-fixes).
   - i40e: Fix queues reservation for XDP (git-fixes).
   - i40e: Increase delay to 1 s after global EMP reset (git-fixes).
   - i40e: fix unsigned stat widths (git-fixes).
   - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
   - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
   - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
   - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
   - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668
     ltc#195811).
   - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
   - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
   - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
   - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
   - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
   - ice: fix IPIP and SIT TSO offload (git-fixes).
   - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
   - ima: Allow template selection with ima_template[_fmt]= after ima_hash     (git-fixes).
   - ima: Do not print policy rule with inactive LSM labels (git-fixes).
   - ima: Remove ima_policy file before directory (git-fixes).
   - integrity: Make function integrity_add_key() static (git-fixes).
   - integrity: check the return value of audit_log_start() (git-fixes).
   - integrity: double check iint_cache was initialized (git-fixes).
   - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
   - iommu/amd: Remove useless irq affinity notifier (git-fixes).
   - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
   - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
     (git-fixes).
   - iommu/amd: X2apic mode: re-enable after resume (git-fixes).
   - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
     (git-fixes).
   - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation
     failure (git-fixes).
   - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
   - iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
   - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
     (git-fixes).
   - iwlwifi: fix use-after-free (git-fixes).
   - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
   - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes).
   - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
   - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
     LTC#194674).
   - kABI: Fix kABI for AMD IOMMU driver (git-fixes).
   - kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
   - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
   - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
   - md/raid5: fix oops during stripe resizing (bsc#1181588).
   - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
   - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
   - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
   - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
   - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
     (git-fixes).
   - net/ibmvnic: Cleanup workaround doing an EOI after partition migration
     (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
   - net/mlx5e: Fix handling of wrong devices during bond netevent
     (jsc#SLE-15172).
   - net: macb: Align the dma and coherent dma masks (git-fixes).
   - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
   - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
     (git-fixes).
   - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible
     PHYs (git-fixes).
   - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
   - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
   - nfp: flower: fix ida_idx not being released (bsc#1154353).
   - nfsd: allow delegation state ids to be revoked and then freed
     (bsc#1192483).
   - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
   - nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
   - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
   - nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
   - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
     (bsc#1195012).
   - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
     (git-fixes).
   - nvme: do not return an error from nvme_configure_metadata (git-fixes).
   - nvme: let namespace probing continue for unsupported features
     (git-fixes).
   - powerpc/64: Move paca allocation later in boot (bsc#1190812).
   - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
     bsc#1157923 ltc#182612 git-fixes).
   - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
     persistent memory" (bsc#1195995 ltc#196394).
   - powerpc/pseries: read the lpar name from the firmware (bsc#1187716
     ltc#193451).
   - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
   - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038
     bsc#1157923 ltc#182612 git-fixes).
   - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
   - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
   - s390/bpf: Fix optimizing out zero-extensions (git-fixes).
   - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
   - s390/cio: verify the driver availability for path_event call
     (bsc#1195928 LTC#196418).
   - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081
     LTC#196088).
   - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
     (bsc#1195081 LTC#196088).
   - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
     LTC#195540).
   - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
     LTC#196028).
   - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
   - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
   - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
   - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
   - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h
     (bsc#1195506).
   - scsi: core: Add limitless cmd retry support (bsc#1195506).
   - scsi: core: No retries on abort success (bsc#1195506).
   - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
   - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
   - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
   - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
   - scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
   - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of
     NVMe queues (bsc#1195823).
   - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
   - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
   - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
   - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX
     adapters (bsc#1195823).
   - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
   - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
   - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
   - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
   - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
   - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
   - scsi: qla2xxx: Fix warning message due to adisc being flushed
     (bsc#1195823).
   - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
   - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
   - scsi: qla2xxx: Refactor asynchronous command initialization
     (bsc#1195823).
   - scsi: qla2xxx: Remove a declaration (bsc#1195823).
   - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t
     (bsc#1195823).
   - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
   - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
     (bsc#1195823).
   - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
   - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
   - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
   - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
   - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
   - scsi: qla2xxx: edif: Replace list_for_each_safe with
     list_for_each_entry_safe (bsc#1195823).
   - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
   - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL
     (bsc#1195506).
   - scsi: scsi_transport_fc: Add store capability to rport port_state in
     sysfs (bsc#1195506).
   - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
   - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
     devices (bsc#1195378 LTC#196244).
   - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
     (bsc#1195506).
   - staging/fbtft: Fix backlight (git-fixes).
   - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
   - tracing: Do not inc err_log entry count if entry allocation fails
     (git-fixes).
   - tracing: Dump stacktrace trigger to the corresponding instance
     (git-fixes).
   - tracing: Fix smatch warning for null glob in event_hist_trigger_parse()
     (git-fixes).
   - tracing: Have traceon and traceoff trigger honor the instance
     (git-fixes).
   - tracing: Propagate is_signed to expression (git-fixes).
   - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
   - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend
     (git-fixes).
   - usb: dwc3: do not set gadget->is_otg flag (git-fixes).
   - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
   - usb: f_fs: Fix use-after-free for epfile (git-fixes).
   - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
   - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
   - usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
   - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
     (git-fixes).
   - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
     (git-fixes).
   - usb: ulpi: Call of_node_put correctly (git-fixes).
   - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-763=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-763=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-150300.79.1
      kernel-source-rt-5.3.18-150300.79.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.79.1
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.79.1
      dlm-kmp-rt-5.3.18-150300.79.1
      dlm-kmp-rt-debuginfo-5.3.18-150300.79.1
      gfs2-kmp-rt-5.3.18-150300.79.1
      gfs2-kmp-rt-debuginfo-5.3.18-150300.79.1
      kernel-rt-5.3.18-150300.79.1
      kernel-rt-debuginfo-5.3.18-150300.79.1
      kernel-rt-debugsource-5.3.18-150300.79.1
      kernel-rt-devel-5.3.18-150300.79.1
      kernel-rt-devel-debuginfo-5.3.18-150300.79.1
      kernel-rt_debug-debuginfo-5.3.18-150300.79.1
      kernel-rt_debug-debugsource-5.3.18-150300.79.1
      kernel-rt_debug-devel-5.3.18-150300.79.1
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.79.1
      kernel-syms-rt-5.3.18-150300.79.1
      ocfs2-kmp-rt-5.3.18-150300.79.1
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.79.1

   - SUSE Linux Enterprise Micro 5.1 (x86_64):

      kernel-rt-5.3.18-150300.79.1
      kernel-rt-debuginfo-5.3.18-150300.79.1
      kernel-rt-debugsource-5.3.18-150300.79.1


References:

   https://www.suse.com/security/cve/CVE-2022-0001.html
   https://www.suse.com/security/cve/CVE-2022-0002.html
   https://www.suse.com/security/cve/CVE-2022-25375.html
   https://bugzilla.suse.com/1089644
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1157038
   https://bugzilla.suse.com/1157923
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1181588
   https://bugzilla.suse.com/1183872
   https://bugzilla.suse.com/1187716
   https://bugzilla.suse.com/1188404
   https://bugzilla.suse.com/1189126
   https://bugzilla.suse.com/1190812
   https://bugzilla.suse.com/1190972
   https://bugzilla.suse.com/1191580
   https://bugzilla.suse.com/1191655
   https://bugzilla.suse.com/1191741
   https://bugzilla.suse.com/1192210
   https://bugzilla.suse.com/1192483
   https://bugzilla.suse.com/1193096
   https://bugzilla.suse.com/1193233
   https://bugzilla.suse.com/1193243
   https://bugzilla.suse.com/1193787
   https://bugzilla.suse.com/1194163
   https://bugzilla.suse.com/1194967
   https://bugzilla.suse.com/1195012
   https://bugzilla.suse.com/1195081
   https://bugzilla.suse.com/1195286
   https://bugzilla.suse.com/1195352
   https://bugzilla.suse.com/1195378
   https://bugzilla.suse.com/1195506
   https://bugzilla.suse.com/1195668
   https://bugzilla.suse.com/1195701
   https://bugzilla.suse.com/1195798
   https://bugzilla.suse.com/1195799
   https://bugzilla.suse.com/1195823
   https://bugzilla.suse.com/1195928
   https://bugzilla.suse.com/1195957
   https://bugzilla.suse.com/1195995
   https://bugzilla.suse.com/1196195
   https://bugzilla.suse.com/1196235
   https://bugzilla.suse.com/1196339
   https://bugzilla.suse.com/1196400
   https://bugzilla.suse.com/1196516
   https://bugzilla.suse.com/1196584

SUSE: 2022:0763-1 important: the Linux Kernel

March 8, 2022
An update that solves three vulnerabilities, contains three features and has 43 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).

References

#1089644 #1154353 #1157038 #1157923 #1176447

#1176940 #1178134 #1181147 #1181588 #1183872

#1187716 #1188404 #1189126 #1190812 #1190972

#1191580 #1191655 #1191741 #1192210 #1192483

#1193096 #1193233 #1193243 #1193787 #1194163

#1194967 #1195012 #1195081 #1195286 #1195352

#1195378 #1195506 #1195668 #1195701 #1195798

#1195799 #1195823 #1195928 #1195957 #1195995

#1196195 #1196235 #1196339 #1196400 #1196516

#1196584 SLE-20807 SLE-22135 SLE-22494

Cross- CVE-2022-0001 CVE-2022-0002 CVE-2022-25375

CVSS scores:

CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Module for Realtime 15-SP3

SUSE Linux Enterprise Real Time 15-SP3

https://www.suse.com/security/cve/CVE-2022-0001.html

https://www.suse.com/security/cve/CVE-2022-0002.html

https://www.suse.com/security/cve/CVE-2022-25375.html

https://bugzilla.suse.com/1089644

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1157038

https://bugzilla.suse.com/1157923

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1176940

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1181147

https://bugzilla.suse.com/1181588

https://bugzilla.suse.com/1183872

https://bugzilla.suse.com/1187716

https://bugzilla.suse.com/1188404

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1190812

https://bugzilla.suse.com/1190972

https://bugzilla.suse.com/1191580

https://bugzilla.suse.com/1191655

https://bugzilla.suse.com/1191741

https://bugzilla.suse.com/1192210

https://bugzilla.suse.com/1192483

https://bugzilla.suse.com/1193096

https://bugzilla.suse.com/1193233

https://bugzilla.suse.com/1193243

https://bugzilla.suse.com/1193787

https://bugzilla.suse.com/1194163

https://bugzilla.suse.com/1194967

https://bugzilla.suse.com/1195012

https://bugzilla.suse.com/1195081

https://bugzilla.suse.com/1195286

https://bugzilla.suse.com/1195352

https://bugzilla.suse.com/1195378

https://bugzilla.suse.com/1195506

https://bugzilla.suse.com/1195668

https://bugzilla.suse.com/1195701

https://bugzilla.suse.com/1195798

https://bugzilla.suse.com/1195799

https://bugzilla.suse.com/1195823

https://bugzilla.suse.com/1195928

https://bugzilla.suse.com/1195957

https://bugzilla.suse.com/1195995

https://bugzilla.suse.com/1196195

https://bugzilla.suse.com/1196235

https://bugzilla.suse.com/1196339

https://bugzilla.suse.com/1196400

https://bugzilla.suse.com/1196516

https://bugzilla.suse.com/1196584

Severity
Announcement ID: SUSE-SU-2022:0763-1
Rating: important

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved