SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0765-1
Rating:             important
References:         #1046306 #1050244 #1089644 #1094978 #1097583 
                    #1097584 #1097585 #1097586 #1097587 #1097588 
                    #1101674 #1101816 #1103991 #1109837 #1111981 
                    #1112374 #1114648 #1114685 #1114893 #1117495 
                    #1118661 #1119113 #1136460 #1136461 #1157038 
                    #1157923 #1158533 #1174852 #1185377 #1185973 
                    #1187716 #1189126 #1191271 #1191580 #1191655 
                    #1193857 #1193867 #1194048 #1194516 #1195080 
                    #1195377 #1195536 #1195543 #1195612 #1195638 
                    #1195795 #1195823 #1195840 #1195897 #1195908 
                    #1195934 #1195949 #1195987 #1195995 #1196079 
                    #1196155 #1196400 #1196516 #1196584 #1196612 
                    SLE-20809 
Cross-References:   CVE-2021-44879 CVE-2021-45095 CVE-2022-0001
                    CVE-2022-0002 CVE-2022-0487 CVE-2022-0492
                    CVE-2022-0617 CVE-2022-0644 CVE-2022-24448
                    CVE-2022-24959
CVSS scores:
                    CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves 10 vulnerabilities, contains one
   feature and has 50 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive
   various security fixes and bugfixes.


   Transient execution side-channel attacks targeting the Branch History
   Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch
   History Injection", are now mitigated.

   The following security bugs were fixed:

   - CVE-2022-0001: Fixed Branch History Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability
     (bsc#1191580).
   - CVE-2022-0617: Fixed a null pointer dereference in UDF file system
     functionality. A local user could crash the system by triggering
     udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
   - CVE-2022-0644: Fixed a denial of service by a local user. An assertion
     failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
   - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were
     not considered, which led to a move_data_page NULL pointer dereference
     (bsc#1195987).
   - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in
     drivers/net/hamradio/yam.c (bsc#1195897).
   - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
     net/phonet/pep.c (bsc#1193867).
   - CVE-2022-0487: A use-after-free vulnerability was found in
     rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c
     (bsc#1194516).
   - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
     release_agent feature, which allowed bypassing namespace isolation
     unexpectedly (bsc#1195543).
   - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets
     the O_DIRECTORY flag, and tries to open a regular file,
     nfs_atomic_open() performs a regular lookup. If a regular file is found,
     ENOTDIR should have occurred, but the server instead returned
     uninitialized data in the file descriptor (bsc#1195612).

   The following non-security bugs were fixed:

   - Bluetooth: bfusb: fix division by zero in send path (git-fixes).
   - Bluetooth: fix the erroneous flush_work() order (git-fixes).
   - EDAC/xgene: Fix deferred probing (bsc#1114648).
   - IB/rdmavt: Validate remote_addr during loopback atomic tests
     (bsc#1114685).
   - NFSv4.x: by default serialize open/close operations (bsc#1114893
     bsc#1195934). Make this work-around optional
   - NFSv42: Do not fail clone() unless the OP_CLONE operation failed
     (git-fixes).
   - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
   - NFSv4: Handle case where the lookup of a directory fails (git-fixes).
   - NFSv4: nfs_atomic_open() can race when looking up a non-regular file
     (git-fixes).
   - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
     (git-fixes).
   - RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244).
   - RDMA/mlx5: Set user priority for DCT (bsc#1103991).
   - RDMA/netlink: Add __maybe_unused to static inline in C file
     (bsc#1046306).
   - Replace with an alternative fix for bsc#1185377
   - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
   - cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585
     bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
   - e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533).
   - ext4: avoid trim error on fs with small groups (bsc#1191271).
   - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795).
   - gve: Add RX context (bsc#1191655).
   - gve: Add a jumbo-frame device option (bsc#1191655).
   - gve: Add consumed counts to ethtool stats (bsc#1191655).
   - gve: Add netif_set_xps_queue call (bsc#1191655).
   - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
   - gve: Add rx buffer pagecnt bias (bsc#1191655).
   - gve: Allow pageflips on larger pages (bsc#1191655).
   - gve: Avoid freeing NULL pointer (bsc#1191655).
   - gve: Correct available tx qpl check (bsc#1191655).
   - gve: Correct order of processing device options (bsc#1191655).
   - gve: DQO: avoid unused variable warnings (bsc#1191655).
   - gve: Do lazy cleanup in TX path (bsc#1191655).
   - gve: Fix GFP flags when allocing pages (bsc#1191655).
   - gve: Implement packet continuation for RX (bsc#1191655).
   - gve: Implement suspend/resume/shutdown (bsc#1191655).
   - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1191655).
   - gve: Recording rx queue before sending to napi (bsc#1191655).
   - gve: Switch to use napi_complete_done (bsc#1191655).
   - gve: Track RX buffer allocation failures (bsc#1191655).
   - gve: Update gve_free_queue_page_list signature (bsc#1191655).
   - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
   - gve: fix for null pointer dereference (bsc#1191655).
   - gve: fix gve_get_stats() (bsc#1191655).
   - gve: fix the wrong AdminQ buffer queue index check (bsc#1191655).
   - gve: fix unmatched u64_stats_update_end() (bsc#1191655).
   - gve: remove memory barrier around seqno (bsc#1191655).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1191655).
   - i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978).
   - i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ).
   - i40e: Fix creation of first queue by omitting it if is not power of two
     (bsc#1101816).
   - i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ).
   - i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797).
   - i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ).
   - i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978).
   - i40e: Fix pre-set max number of queues for VF (bsc#1111981 ).
   - i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ).
   - iavf: Fix limit of total number of queues to active queues of VF
     (bsc#1111981).
   - iavf: prevent accidental free of filter structure (bsc#1111981 ).
   - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
   - ibmvnic: Update driver return codes (bsc#1196516 ltc#196391).
   - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
   - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
   - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
   - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
   - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
   - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
   - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
   - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
   - ice: Delete always true check of PF pointer (bsc#1118661 ).
   - ice: ignore dropped packets during init (bsc#1118661 ).
   - igb: Fix removal of unicast MAC filters of VFs (bsc#1117495).
   - ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674).
   - kabi: Hide changes to s390/AP structures (jsc#SLE-20809).
   - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
   - mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837).
   - net/ibmvnic: Cleanup workaround doing an EOI after partition migration
     (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
   - net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837).
   - net: ena: Fix error handling when calculating max IO queues number
     (bsc#1174852).
   - net: ena: Fix undefined state when tx request id is out of bounds
     (bsc#1174852).
   - net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113).
   - net: phylink: avoid mvneta warning when setting pause parameters
     (bsc#1119113).
   - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
   - nfsd: fix use-after-free due to delegation race (git-fixes).
   - phylib: fix potential use-after-free (bsc#1119113).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (bsc#1112374).
   - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
     bsc#1157923 ltc#182612 git-fixes).
   - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
     persistent memory" (bsc#1195995 ltc#196394).
   - powerpc/pseries: read the lpar name from the firmware (bsc#1187716
     ltc#193451).
   - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038
     bsc#1157923 ltc#182612 git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
   - rndis_host: support Hytera digital radios (git-fixes).
   - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809).
   - s390/ap: rework crypto config info and default domain code
     (jsc#SLE-20809).
   - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080
     LTC#196090).
   - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
     (bsc#1195080 LTC#196090).
   - s390/hypfs: include z/VM guests with access control group set
     (bsc#1195638 LTC#196354).
   - scsi: bnx2fc: Flush destroy_work queue before calling
     bnx2fc_interface_put() (git-fixes).
   - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
   - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
     (git-fixes).
   - scsi: nsp_cs: Check of ioremap return value (git-fixes).
   - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
   - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
   - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of
     NVMe queues (bsc#1195823).
   - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
   - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
   - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
   - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX
     adapters (bsc#1195823).
   - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
   - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
   - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
   - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
   - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
   - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
   - scsi: qla2xxx: Fix warning message due to adisc being flushed
     (bsc#1195823).
   - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
   - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
   - scsi: qla2xxx: Refactor asynchronous command initialization
     (bsc#1195823).
   - scsi: qla2xxx: Remove a declaration (bsc#1195823).
   - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t
     (bsc#1195823).
   - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
   - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
     (bsc#1195823).
   - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
   - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
   - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
   - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
   - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
   - scsi: qla2xxx: edif: Replace list_for_each_safe with
     list_for_each_entry_safe (bsc#1195823).
   - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
   - scsi: scsi_debug: Sanity check block descriptor length in
     resp_mode_select() (git-fixes).
   - scsi: ufs: Fix race conditions related to driver data (git-fixes).
   - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
     devices (bsc#1195377 LTC#196245).
   - sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857).
   - tracing: Dump stacktrace trigger to the corresponding instance
     (git-fixes).
   - tracing: Have traceon and traceoff trigger honor the instance
     (git-fixes).
   - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
   - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
   - xfrm: fix MTU regression (bsc#1185377, bsc#1194048).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-765=1
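
   The fixes only take effect once the new kernel is booted, so a host can
   have the package installed and still run the old kernel. The script below
   is an added example, not part of the SUSE advisory or SUSE tooling: it
   classifies a host from the installed kernel-azure builds and `uname -r`.
   The function names, the `--live` switch and the assumed `uname -r` format
   are this example's own; `sort -V` stands in for rpm's version comparison.

```shell
#!/bin/sh
# Added example, not SUSE tooling: classify a host against this advisory.
FIXED_PKG="4.12.14-16.91.1"   # kernel-azure build from the Package List

# ver_ge A B: true when A >= B in GNU `sort -V` order. This approximates
# rpm's own comparison and is adequate for dotted numeric strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Assumption: `uname -r` for this flavour is VERSION-RELEASE without the
# trailing rebuild counter, followed by "-azure".
fixed_running() {
    printf '%s\n' "${FIXED_PKG%.*}"
}

# kernel_status INSTALLED RUNNING
#   INSTALLED: newline-separated VERSION-RELEASE strings of kernel-azure
#   RUNNING:   the `uname -r` string of the booted kernel
kernel_status() {
    newest=$(printf '%s\n' "$1" | sort -V | tail -n 1)
    running=${2%-azure}
    if [ -z "$newest" ] || ! ver_ge "$newest" "$FIXED_PKG"; then
        echo "update-required"      # fixed build is not installed
    elif ! ver_ge "$running" "$(fixed_running)"; then
        echo "reboot-required"      # installed, but an older kernel is booted
    else
        echo "patched"
    fi
}

# Query the local host; an absent package is treated as "nothing installed".
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-azure 2>/dev/null) || installed=""
    kernel_status "$installed" "$(uname -r)"
}

if [ "${1:-}" = "--live" ]; then check_host; fi
```

   Run it with `--live` on the host after `zypper patch`; `reboot-required`
   means the fixed package is present but the running kernel predates it.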



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-azure-4.12.14-16.91.1
      kernel-azure-base-4.12.14-16.91.1
      kernel-azure-base-debuginfo-4.12.14-16.91.1
      kernel-azure-debuginfo-4.12.14-16.91.1
      kernel-azure-debugsource-4.12.14-16.91.1
      kernel-azure-devel-4.12.14-16.91.1
      kernel-syms-azure-4.12.14-16.91.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-azure-4.12.14-16.91.1
      kernel-source-azure-4.12.14-16.91.1


References:

   https://www.suse.com/security/cve/CVE-2021-44879.html
   https://www.suse.com/security/cve/CVE-2021-45095.html
   https://www.suse.com/security/cve/CVE-2022-0001.html
   https://www.suse.com/security/cve/CVE-2022-0002.html
   https://www.suse.com/security/cve/CVE-2022-0487.html
   https://www.suse.com/security/cve/CVE-2022-0492.html
   https://www.suse.com/security/cve/CVE-2022-0617.html
   https://www.suse.com/security/cve/CVE-2022-0644.html
   https://www.suse.com/security/cve/CVE-2022-24448.html
   https://www.suse.com/security/cve/CVE-2022-24959.html
   https://bugzilla.suse.com/1046306
   https://bugzilla.suse.com/1050244
   https://bugzilla.suse.com/1089644
   https://bugzilla.suse.com/1094978
   https://bugzilla.suse.com/1097583
   https://bugzilla.suse.com/1097584
   https://bugzilla.suse.com/1097585
   https://bugzilla.suse.com/1097586
   https://bugzilla.suse.com/1097587
   https://bugzilla.suse.com/1097588
   https://bugzilla.suse.com/1101674
   https://bugzilla.suse.com/1101816
   https://bugzilla.suse.com/1103991
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1111981
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1114685
   https://bugzilla.suse.com/1114893
   https://bugzilla.suse.com/1117495
   https://bugzilla.suse.com/1118661
   https://bugzilla.suse.com/1119113
   https://bugzilla.suse.com/1136460
   https://bugzilla.suse.com/1136461
   https://bugzilla.suse.com/1157038
   https://bugzilla.suse.com/1157923
   https://bugzilla.suse.com/1158533
   https://bugzilla.suse.com/1174852
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1185973
   https://bugzilla.suse.com/1187716
   https://bugzilla.suse.com/1189126
   https://bugzilla.suse.com/1191271
   https://bugzilla.suse.com/1191580
   https://bugzilla.suse.com/1191655
   https://bugzilla.suse.com/1193857
   https://bugzilla.suse.com/1193867
   https://bugzilla.suse.com/1194048
   https://bugzilla.suse.com/1194516
   https://bugzilla.suse.com/1195080
   https://bugzilla.suse.com/1195377
   https://bugzilla.suse.com/1195536
   https://bugzilla.suse.com/1195543
   https://bugzilla.suse.com/1195612
   https://bugzilla.suse.com/1195638
   https://bugzilla.suse.com/1195795
   https://bugzilla.suse.com/1195823
   https://bugzilla.suse.com/1195840
   https://bugzilla.suse.com/1195897
   https://bugzilla.suse.com/1195908
   https://bugzilla.suse.com/1195934
   https://bugzilla.suse.com/1195949
   https://bugzilla.suse.com/1195987
   https://bugzilla.suse.com/1195995
   https://bugzilla.suse.com/1196079
   https://bugzilla.suse.com/1196155
   https://bugzilla.suse.com/1196400
   https://bugzilla.suse.com/1196516
   https://bugzilla.suse.com/1196584
   https://bugzilla.suse.com/1196612