SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0764-1
Rating: important
References: #1191580 #1192483 #1195701 #1195995 #1196584
Cross-References: CVE-2022-0001 CVE-2022-0002
CVSS scores:
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Realtime 15-SP2
SUSE Linux Enterprise Real Time 15-SP2
______________________________________________________________________________
An update that solves two vulnerabilities and has three
fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
security and bugfixes.
Transient execution side-channel attacks attacking the Branch History
Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
History Injection" are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability
(bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
(bsc#1191580).
The following non-security bugs were fixed:
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
- nfsd: allow delegation state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
persistent memory" (bsc#1195995 ltc#196394).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Realtime 15-SP2:
zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-764=1
- SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-764=1
Package List:
- SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
kernel-devel-rt-5.3.18-76.1
kernel-source-rt-5.3.18-76.1
- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
cluster-md-kmp-rt-5.3.18-76.1
cluster-md-kmp-rt-debuginfo-5.3.18-76.1
dlm-kmp-rt-5.3.18-76.1
dlm-kmp-rt-debuginfo-5.3.18-76.1
gfs2-kmp-rt-5.3.18-76.1
gfs2-kmp-rt-debuginfo-5.3.18-76.1
kernel-rt-5.3.18-76.1
kernel-rt-debuginfo-5.3.18-76.1
kernel-rt-debugsource-5.3.18-76.1
kernel-rt-devel-5.3.18-76.1
kernel-rt-devel-debuginfo-5.3.18-76.1
kernel-rt_debug-5.3.18-76.1
kernel-rt_debug-debuginfo-5.3.18-76.1
kernel-rt_debug-debugsource-5.3.18-76.1
kernel-rt_debug-devel-5.3.18-76.1
kernel-rt_debug-devel-debuginfo-5.3.18-76.1
kernel-syms-rt-5.3.18-76.1
ocfs2-kmp-rt-5.3.18-76.1
ocfs2-kmp-rt-debuginfo-5.3.18-76.1
- SUSE Linux Enterprise Micro 5.0 (x86_64):
kernel-rt-5.3.18-76.1
kernel-rt-debuginfo-5.3.18-76.1
kernel-rt-debugsource-5.3.18-76.1
References:
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1192483
https://bugzilla.suse.com/1195701
https://bugzilla.suse.com/1195995
https://bugzilla.suse.com/1196584
SUSE: 2022:0764-1 important: the Linux Kernel
March 8, 2022
An update that solves two vulnerabilities and has three fixes is now available
Summary
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394).
References
#1191580 #1192483 #1195701 #1195995 #1196584
Cross- CVE-2022-0001 CVE-2022-0002
CVSS scores:
CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Realtime 15-SP2
SUSE Linux Enterprise Real Time 15-SP2
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1192483
https://bugzilla.suse.com/1195701
https://bugzilla.suse.com/1195995
https://bugzilla.suse.com/1196584
Severity
Announcement ID: SUSE-SU-2022:0764-1
Rating: important
News
HOWTOs
Features
What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute
Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption
Call for Contributors with Knowledge of Linux Firewalls!
How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify
You are Tracked Online - Why? And How To Avoid Being Tracked Online
About Us
Powered By
