SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1669-1
Rating:             important
References:         #1028340 #1071995 #1137728 #1152472 #1152489 
                    #1177028 #1179878 #1182073 #1183723 #1187055 
                    #1191647 #1193556 #1193842 #1194625 #1195651 
                    #1195926 #1196018 #1196114 #1196367 #1196514 
                    #1196639 #1196942 #1197157 #1197391 #1197656 
                    #1197660 #1197677 #1197914 #1197926 #1198077 
                    #1198217 #1198330 #1198400 #1198413 #1198437 
                    #1198448 #1198484 #1198515 #1198516 #1198534 
                    #1198742 #1198825 #1198989 #1199012 #1199024 
                    SLE-13208 SLE-13513 SLE-15172 SLE-15175 SLE-18234 
                    SLE-8449 
Cross-References:   CVE-2020-27835 CVE-2021-0707 CVE-2021-20292
                    CVE-2021-20321 CVE-2021-38208 CVE-2021-4154
                    CVE-2022-0812 CVE-2022-1158 CVE-2022-1280
                    CVE-2022-1353 CVE-2022-1419 CVE-2022-1516
                    CVE-2022-28356 CVE-2022-28748 CVE-2022-28893
                    CVE-2022-29156
CVSS scores:
                    CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0707 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0707 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-4154 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-29156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29156 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
                    SUSE Linux Enterprise Realtime Extension 15-SP3
______________________________________________________________________________

   An update that solves 16 vulnerabilities, contains 6
   features and has 29 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release
     (bnc#1198515).
   - CVE-2022-28893: Ensuring that sockets are in the intended state inside
     the SUNRPC subsystem (bnc#1198330).
   - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a
     devices (bsc#1196018).
   - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c
     (bnc#1197391).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2022-1419: Fixed a concurrency use-after-free in
     vgem_gem_dumb_create (bsc#1198742).
   - CVE-2022-1353: Fixed access controll to kernel memory in the
     pfkey_register function in net/key/af_key.c (bnc#1198516).
   - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
     drivers/gpu/drm/drm_lease.c (bnc#1197914).
   - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the
     user address (bsc#1197660).
   - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
   - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in
     kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could
     cause a privilege escalation by exploiting the fsconfig syscall
     parameter leading to a container breakout and a denial of service on the
     system (bnc#1193842).
   - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
     BUG) by making a getsockname call after a certain type of failure of a
     bind call (bnc#1187055).
   - CVE-2021-20321: Fixed a race condition accessing file object in the
     OverlayFS subsystem in the way users do rename in specific way with
     OverlayFS. A local user could have used this flaw to crash the system
     (bnc#1191647).
   - CVE-2021-20292: Fixed object validation prior to performing operations
     on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
     (bnc#1183723).
   - CVE-2021-0707: Fixed possible memory corruption due to a use after free
     inside dma_buf_releas e of dma-buf.c (bnc#1198437).
   - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the
     way user calls Ioctl after open dev file and fork. A local user could
     use this flaw to crash the system (bnc#1179878).


   The following non-security bugs were fixed:

   - ACPI: processor idle: Check for architectural support for LPI
     (git-fixes).
   - ACPI/APEI: Limit printable size of BERT table data (git-fixes).
   - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
   - adm8211: fix error return code in adm8211_probe() (git-fixes).
   - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
   - ALSA: hda/hdmi: fix warning about PCM count when used with SOF
     (git-fixes).
   - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
   - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
     (git-fixes).
   - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
     (git-fixes).
   - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
     (git-fixes).
   - ALSA: usb-audio: Increase max buffer size (git-fixes).
   - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
   - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
     (git-fixes)
   - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
   - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
   - arm64: dts: exynos: correct GIC CPU interfaces address range on
     (git-fixes)
   - arm64: dts: ls1028a: fix memory node (git-fixes)
   - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
   - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
   - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
   - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of
     (git-fixes)
   - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
     (git-fixes)
   - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
   - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
   - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
   - arm64: head: avoid over-mapping in map_memory (git-fixes)
   - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m
     (bsc#1199024).
   - arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
   - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
     (git-fixes).
   - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
     (git-fixes).
   - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
   - ASoC: msm8916-wcd-digital: Check failure for
     devm_snd_soc_register_component (git-fixes).
   - ASoC: soc-compress: Change the check for codec_dai (git-fixes).
   - ASoC: soc-compress: prevent the potentially use of null pointer
     (git-fixes).
   - ASoC: soc-core: skip zero num_dai component in searching dai name
     (git-fixes).
   - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
   - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
     (git-fixes).
   - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
   - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
     (git-fixes).
   - ath5k: fix building with LEDS=m (git-fixes).
   - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
   - ath9k_htc: fix uninit value bugs (git-fixes).
   - ath9k: Fix usage of driver-private space in tx_info (git-fixes).
   - ath9k: Properly clear TX status area before reporting to mac80211
     (git-fixes).
   - backlight: qcom-wled: Respect enabled-strings in set_brightness
     (bsc#1152489)
   - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
   - bfq: Avoid merging queues with different parents (bsc#1197926).
   - bfq: Drop pointless unlock-lock pair (bsc#1197926).
   - bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
   - bfq: Make sure bfqg for which we are queueing requests is online
     (bsc#1197926).
   - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
   - bfq: Split shared queues on move between cgroups (bsc#1197926).
   - bfq: Track whether bfq_group is still online (bsc#1197926).
   - bfq: Update cgroup information before merging bio (bsc#1197926).
   - block: Drop leftover references to RQF_SORTED (bsc#1182073).
   - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
   - Bluetooth: Fix use after free in hci_send_acl (git-fixes).
   - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
   - bnx2x: fix napi API usage sequence (bsc#1198217).
   - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT
     (git-fixes bsc#1177028).
   - brcmfmac: firmware: Allocate space for default boardrev in nvram
     (git-fixes).
   - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
   - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
     (git-fixes).
   - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
     (git-fixes).
   - carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
   - cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
   - cifs: do not skip link targets when an I/O fails (bsc#1194625).
   - cifs: fix bad fids sent over wire (bsc#1197157).
   - clk: Enforce that disjoints limits are invalid (git-fixes).
   - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
   - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
   - direct-io: defer alignment check until after the EOF check (bsc#1197656).
   - direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
   - dma-debug: fix return value of __setup handlers (git-fixes).
   - dma: at_xdmac: fix a missing check on list iterator (git-fixes).
   - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
   - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
   - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
   - dmaengine: mediatek:Fix PM usage reference leak of
     mtk_uart_apdma_alloc_chan_resources (git-fixes).
   - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
     (git-fixes).
   - Documentation: add link to stable release candidate tree (git-fixes).
   - drm: add a locked version of drm_is_current_master (bsc#1197914).
   - drm: Add orientation quirk for GPD Win Max (git-fixes).
   - drm: drm_file struct kABI compatibility workaround (bsc#1197914).
   - drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
   - drm: serialize drm_file.master with a new spinlock (bsc#1197914).
   - drm: use the lookup lock in drm_is_current_master (bsc#1197914).
   - drm/amd: Add USBC connector ID (git-fixes).
   - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
     (git-fixes).
   - drm/amd/display: do not ignore alpha property on pre-multiplied mode
     (git-fixes).
   - drm/amd/display: Fix a NULL pointer dereference in
     amdgpu_dm_connector_add_common_modes() (git-fixes).
   - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
   - drm/amd/display: Fix memory leak in dcn21_clock_source_create
     (bsc#1152472)
   - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
   - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
   - drm/amdgpu: Fix recursive locking warning (git-fixes).
   - drm/amdkfd: Check for potential null return of kmalloc_array()
     (git-fixes).
   - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
   - drm/amdkfd: make CRAT table missing message informational only
     (git-fixes).
   - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
     (git-fixes).
   - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
     (git-fixes).
   - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
     (git-fixes).
   - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
   - drm/edid: check basic audio support on CEA extension block (git-fixes).
   - drm/edid: Do not clear formats if using deep color (git-fixes).
   - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
   - drm/i915: Call i915_globals_exit() if pci_register_device() fails
     (git-fixes).
   - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
   - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
   - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
   - drm/i915/gem: Flush coherency domains on first set-domain-ioctl
     (git-fixes).
   - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
   - drm/mediatek: Add AAL output size configuration (git-fixes).
   - drm/mediatek: Fix aal size config (git-fixes).
   - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
     (git-fixes).
   - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
     (git-fixes).
   - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
     (git-fixes).
   - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
   - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
   - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
   - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()
     usage (git-fixes).
   - drm/vmwgfx: Remove unused compile options (bsc#1152472)
   - e1000e: Fix possible overflow in LTR decoding (git-fixes).
   - fibmap: Reject negative block numbers (bsc#1198448).
   - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
   - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
   - gpiolib: acpi: use correct format characters (git-fixes).
   - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
   - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
   - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
     (git-fixes).
   - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
   - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
   - Input: omap4-keypad - fix pm_runtime_get_sync() error checking
     (git-fixes).
   - ipmi: bail out if init_srcu_struct fails (git-fixes).
   - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
     (git-fixes).
   - ipmi: Move remove_work to dedicated workqueue (git-fixes).
   - iwlwifi: Fix -EIO error code that is never returned (git-fixes).
   - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
   - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
   - livepatch: Do not block removal of patches that are safe to unload
     (bsc#1071995).
   - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
   - media: cx88-mpeg: clear interrupt status register before streaming video
     (git-fixes).
   - media: hdpvr: initialize dev->worker at hdpvr_register_videodev
     (git-fixes).
   - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
     (git-fixes).
   - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
   - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
   - mmc: host: Return an error when ->enable_sdio_irq() ops is missing
     (git-fixes).
   - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
   - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
   - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is
     complete (git-fixes).
   - mtd: onenand: Check for error irq (git-fixes).
   - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
     (git-fixes).
   - mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
   - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
   - net: asix: add proper error handling of usb read errors (git-fixes).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - net: mcs7830: handle usb read errors properly (git-fixes).
   - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
   - nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
   - NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
   - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
     (git-fixes).
   - PCI: aardvark: Fix support for MSI interrupts (git-fixes).
   - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
   - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
     (git-fixes).
   - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
   - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
   - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
     (git-fixes).
   - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
     (git-fixes).
   - power: supply: axp20x_battery: properly report current when discharging
     (git-fixes).
   - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
   - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong
     false return (git-fixes).
   - power: supply: wm8350-power: Add missing free in free_charger_irq
     (git-fixes).
   - power: supply: wm8350-power: Handle error for wm8350_register_irq
     (git-fixes).
   - powerpc/perf: Expose Performance Monitor Counter SPR's as part of
     extended regs (bsc#1198077 ltc#197299).
   - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
   - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
     git-fixes).
   - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct
     (bsc#1198077 ltc#197299).
   - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
     (bsc#1198413).
   - random: check for signal_pending() outside of need_resched() check
     (git-fixes).
   - ray_cs: Check ioremap return value (git-fixes).
   - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
   - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
   - RDMA/mlx5: Do not remove cache MRs when a delay is needed
     (jsc#SLE-15175).
   - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
     (jsc#SLE-15175).
   - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
   - rpm: Run external scriptlets on uninstall only when available
     (bsc#1196514 bsc#1196114 bsc#1196942).
   - rpm: Use bash for %() expansion (jsc#SLE-18234).
   - rpm/*.spec.in: remove backtick usage
   - rpm/constraints.in: skip SLOW_DISK workers for kernel-source
   - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
     bsc#1198484)
   - rtc: check if __rtc_read_time was successful (git-fixes).
   - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
   - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677
     LTC#197378).
   - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
     (git-fixes).
   - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
     (git-fixes).
   - scsi: mpt3sas: Page fault in reply q processing (git-fixes).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
     controller (git-fixes).
   - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
     (git-fixes).
   - spi: Fix erroneous sgs value with min_t() (git-fixes).
   - spi: Fix invalid sgs value (git-fixes).
   - spi: mxic: Fix the transmit path (git-fixes).
   - spi: tegra20: Use of_device_get_match_data() (git-fixes).
   - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
     (git-fixes).
   - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
   - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
     (git-fixes).
   - SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
   - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
   - SUNRPC: Handle low memory situations in call_status() (git-fixes).
   - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
   - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
   - USB: dwc3: gadget: Return proper request status (git-fixes).
   - USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
     (git-fixes).
   - USB: gadget: uvc: Fix crash when encoding data for usb request
     (git-fixes).
   - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs
     (bsc#1152489)
   - USB: serial: pl2303: add IBM device IDs (git-fixes).
   - USB: serial: simple: add Nokia phone driver (git-fixes).
   - USB: storage: ums-realtek: fix error code in rts51x_read_mem()
     (git-fixes).
   - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
     (git-fixes).
   - vgacon: Propagate console boot parameters before calling `vc_resize'
     (bsc#1152489)
   - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
   - video: fbdev: cirrusfb: check pixclock to avoid divide by zero
     (git-fixes).
   - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
     (git-fixes).
   - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
   - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
   - video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
   - video: fbdev: w100fb: Reset global state (git-fixes).
   - virtio_console: break out of buf poll on remove (git-fixes).
   - virtio_console: eliminate anonymous module_init & module_exit
     (git-fixes).
   - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
   - x86/pm: Save the MSR validity status at context setup (bsc#1198400).
   - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
     (git-fixes).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1198400).
   - xen: fix is_xen_pmu() (git-fixes).
   - xen/blkfront: fix comment for need_copy (git-fixes).
   - xen/x86: obtain full video frame buffer address for Dom0 also under EFI
     (bsc#1193556).
   - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0
     (bsc#1193556).
   - xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
   - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
     (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-1669=1

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-1669=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1669=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1669=1



Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):

      release-notes-sle_rt-15.3.20220422-150300.3.3.2

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.88.2
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.88.2
      dlm-kmp-rt-5.3.18-150300.88.2
      dlm-kmp-rt-debuginfo-5.3.18-150300.88.2
      gfs2-kmp-rt-5.3.18-150300.88.2
      gfs2-kmp-rt-debuginfo-5.3.18-150300.88.2
      kernel-rt-5.3.18-150300.88.2
      kernel-rt-debuginfo-5.3.18-150300.88.2
      kernel-rt-debugsource-5.3.18-150300.88.2
      kernel-rt-devel-5.3.18-150300.88.2
      kernel-rt-devel-debuginfo-5.3.18-150300.88.2
      kernel-rt_debug-debuginfo-5.3.18-150300.88.2
      kernel-rt_debug-debugsource-5.3.18-150300.88.2
      kernel-rt_debug-devel-5.3.18-150300.88.2
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.88.2
      kernel-syms-rt-5.3.18-150300.88.1
      ocfs2-kmp-rt-5.3.18-150300.88.2
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.88.2

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-150300.88.2
      kernel-source-rt-5.3.18-150300.88.2
      release-notes-sle_rt-15.3.20220422-150300.3.3.2

   - SUSE Linux Enterprise Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.88.2
      kernel-rt-debuginfo-5.3.18-150300.88.2
      kernel-rt-debugsource-5.3.18-150300.88.2

   - SUSE Linux Enterprise Micro 5.1 (x86_64):

      kernel-rt-5.3.18-150300.88.2
      kernel-rt-debuginfo-5.3.18-150300.88.2
      kernel-rt-debugsource-5.3.18-150300.88.2


References:

   https://www.suse.com/security/cve/CVE-2020-27835.html
   https://www.suse.com/security/cve/CVE-2021-0707.html
   https://www.suse.com/security/cve/CVE-2021-20292.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-38208.html
   https://www.suse.com/security/cve/CVE-2021-4154.html
   https://www.suse.com/security/cve/CVE-2022-0812.html
   https://www.suse.com/security/cve/CVE-2022-1158.html
   https://www.suse.com/security/cve/CVE-2022-1280.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1419.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-28356.html
   https://www.suse.com/security/cve/CVE-2022-28748.html
   https://www.suse.com/security/cve/CVE-2022-28893.html
   https://www.suse.com/security/cve/CVE-2022-29156.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1137728
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1177028
   https://bugzilla.suse.com/1179878
   https://bugzilla.suse.com/1182073
   https://bugzilla.suse.com/1183723
   https://bugzilla.suse.com/1187055
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1193556
   https://bugzilla.suse.com/1193842
   https://bugzilla.suse.com/1194625
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1195926
   https://bugzilla.suse.com/1196018
   https://bugzilla.suse.com/1196114
   https://bugzilla.suse.com/1196367
   https://bugzilla.suse.com/1196514
   https://bugzilla.suse.com/1196639
   https://bugzilla.suse.com/1196942
   https://bugzilla.suse.com/1197157
   https://bugzilla.suse.com/1197391
   https://bugzilla.suse.com/1197656
   https://bugzilla.suse.com/1197660
   https://bugzilla.suse.com/1197677
   https://bugzilla.suse.com/1197914
   https://bugzilla.suse.com/1197926
   https://bugzilla.suse.com/1198077
   https://bugzilla.suse.com/1198217
   https://bugzilla.suse.com/1198330
   https://bugzilla.suse.com/1198400
   https://bugzilla.suse.com/1198413
   https://bugzilla.suse.com/1198437
   https://bugzilla.suse.com/1198448
   https://bugzilla.suse.com/1198484
   https://bugzilla.suse.com/1198515
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198534
   https://bugzilla.suse.com/1198742
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1198989
   https://bugzilla.suse.com/1199012
   https://bugzilla.suse.com/1199024

SUSE: 2022:1669-1 important: the Linux Kernel

May 16, 2022
An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).

References

#1028340 #1071995 #1137728 #1152472 #1152489

#1177028 #1179878 #1182073 #1183723 #1187055

#1191647 #1193556 #1193842 #1194625 #1195651

#1195926 #1196018 #1196114 #1196367 #1196514

#1196639 #1196942 #1197157 #1197391 #1197656

#1197660 #1197677 #1197914 #1197926 #1198077

#1198217 #1198330 #1198400 #1198413 #1198437

#1198448 #1198484 #1198515 #1198516 #1198534

#1198742 #1198825 #1198989 #1199012 #1199024

SLE-13208 SLE-13513 SLE-15172 SLE-15175 SLE-18234

SLE-8449

Cross- CVE-2020-27835 CVE-2021-0707 CVE-2021-20292

CVE-2021-20321 CVE-2021-38208 CVE-2021-4154

CVE-2022-0812 CVE-2022-1158 CVE-2022-1280

CVE-2022-1353 CVE-2022-1419 CVE-2022-1516

CVE-2022-28356 CVE-2022-28748 CVE-2022-28893

CVE-2022-29156

CVSS scores:

CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0707 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-0707 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-4154 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-29156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29156 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Module for Realtime 15-SP3

SUSE Linux Enterprise Real Time 15-SP3

SUSE Linux Enterprise Realtime Extension 15-SP3

https://www.suse.com/security/cve/CVE-2020-27835.html

https://www.suse.com/security/cve/CVE-2021-0707.html

https://www.suse.com/security/cve/CVE-2021-20292.html

https://www.suse.com/security/cve/CVE-2021-20321.html

https://www.suse.com/security/cve/CVE-2021-38208.html

https://www.suse.com/security/cve/CVE-2021-4154.html

https://www.suse.com/security/cve/CVE-2022-0812.html

https://www.suse.com/security/cve/CVE-2022-1158.html

https://www.suse.com/security/cve/CVE-2022-1280.html

https://www.suse.com/security/cve/CVE-2022-1353.html

https://www.suse.com/security/cve/CVE-2022-1419.html

https://www.suse.com/security/cve/CVE-2022-1516.html

https://www.suse.com/security/cve/CVE-2022-28356.html

https://www.suse.com/security/cve/CVE-2022-28748.html

https://www.suse.com/security/cve/CVE-2022-28893.html

https://www.suse.com/security/cve/CVE-2022-29156.html

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1137728

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1177028

https://bugzilla.suse.com/1179878

https://bugzilla.suse.com/1182073

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1193556

https://bugzilla.suse.com/1193842

https://bugzilla.suse.com/1194625

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1196114

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196514

https://bugzilla.suse.com/1196639

https://bugzilla.suse.com/1196942

https://bugzilla.suse.com/1197157

https://bugzilla.suse.com/1197391

https://bugzilla.suse.com/1197656

https://bugzilla.suse.com/1197660

https://bugzilla.suse.com/1197677

https://bugzilla.suse.com/1197914

https://bugzilla.suse.com/1197926

https://bugzilla.suse.com/1198077

https://bugzilla.suse.com/1198217

https://bugzilla.suse.com/1198330

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198413

https://bugzilla.suse.com/1198437

https://bugzilla.suse.com/1198448

https://bugzilla.suse.com/1198484

https://bugzilla.suse.com/1198515

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198534

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1198989

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199024

Severity
Announcement ID: SUSE-SU-2022:1669-1
Rating: important

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved