SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0764-1
Rating:             important
References:         #1191580 #1192483 #1195701 #1195995 #1196584 
                    
Cross-References:   CVE-2022-0001 CVE-2022-0002
CVSS scores:
                    CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Micro 5.0
                    SUSE Linux Enterprise Module for Realtime 15-SP2
                    SUSE Linux Enterprise Real Time 15-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has three
   fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
   security and bugfixes.


   Transient execution side-channel attacks attacking the Branch History
   Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
   History Injection" are now mitigated.

   The following security bugs were fixed:

   - CVE-2022-0001: Fixed Branch History Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
     (bsc#1191580).

   The following non-security bugs were fixed:

   - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
   - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
   - nfsd: allow delegation state ids to be revoked and then freed
     (bsc#1192483).
   - nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
   - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
   - nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
   - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
     persistent memory" (bsc#1195995 ltc#196394).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-764=1

   - SUSE Linux Enterprise Micro 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-764=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-76.1
      kernel-source-rt-5.3.18-76.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-76.1
      cluster-md-kmp-rt-debuginfo-5.3.18-76.1
      dlm-kmp-rt-5.3.18-76.1
      dlm-kmp-rt-debuginfo-5.3.18-76.1
      gfs2-kmp-rt-5.3.18-76.1
      gfs2-kmp-rt-debuginfo-5.3.18-76.1
      kernel-rt-5.3.18-76.1
      kernel-rt-debuginfo-5.3.18-76.1
      kernel-rt-debugsource-5.3.18-76.1
      kernel-rt-devel-5.3.18-76.1
      kernel-rt-devel-debuginfo-5.3.18-76.1
      kernel-rt_debug-5.3.18-76.1
      kernel-rt_debug-debuginfo-5.3.18-76.1
      kernel-rt_debug-debugsource-5.3.18-76.1
      kernel-rt_debug-devel-5.3.18-76.1
      kernel-rt_debug-devel-debuginfo-5.3.18-76.1
      kernel-syms-rt-5.3.18-76.1
      ocfs2-kmp-rt-5.3.18-76.1
      ocfs2-kmp-rt-debuginfo-5.3.18-76.1

   - SUSE Linux Enterprise Micro 5.0 (x86_64):

      kernel-rt-5.3.18-76.1
      kernel-rt-debuginfo-5.3.18-76.1
      kernel-rt-debugsource-5.3.18-76.1


References:

   https://www.suse.com/security/cve/CVE-2022-0001.html
   https://www.suse.com/security/cve/CVE-2022-0002.html
   https://bugzilla.suse.com/1191580
   https://bugzilla.suse.com/1192483
   https://bugzilla.suse.com/1195701
   https://bugzilla.suse.com/1195995
   https://bugzilla.suse.com/1196584