SUSE: 2022:1686-1 important: the Linux Kernel | LinuxSecurity.com

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1686-1
Rating:             important
References:         #1028340 #1071995 #1084513 #1114648 #1121726 
                    #1129770 #1137728 #1172456 #1183723 #1187055 
                    #1191647 #1191958 #1194625 #1196018 #1196247 
                    #1197075 #1197343 #1197391 #1197663 #1197888 
                    #1197914 #1198217 #1198413 #1198516 #1198687 
                    #1198742 #1198825 #1198989 #1199012 
Cross-References:   CVE-2018-7755 CVE-2019-20811 CVE-2021-20292
                    CVE-2021-20321 CVE-2021-38208 CVE-2021-43389
                    CVE-2022-1011 CVE-2022-1280 CVE-2022-1353
                    CVE-2022-1419 CVE-2022-1516 CVE-2022-28356
                    CVE-2022-28748
CVSS scores:
                    CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 16 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-28748: Fixed memory leak over the network by ax88179_178a
     devices (bsc#1196018).
   - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c
     (bnc#1197391).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2022-1419: Fixed a concurrency use-after-free in
     vgem_gem_dumb_create (bsc#1198742).
   - CVE-2022-1353: Fixed access control to kernel memory in the
     pfkey_register function in net/key/af_key.c (bnc#1198516).
   - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
     drivers/gpu/drm/drm_lease.c (bnc#1197914).
   - CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in
     the way a user triggers write(). This flaw allowed a local user to gain
     unauthorized access to data from the FUSE filesystem, resulting in
     privilege escalation (bnc#1197343).
   - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
   - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
     BUG) by making a getsockname call after a certain type of failure of a
     bind call (bnc#1187055).
   - CVE-2021-20321: Fixed a race condition when accessing a file object in
     the OverlayFS subsystem, triggered by performing a rename in a specific
     way with OverlayFS. A local user could have used this flaw to crash the
     system (bnc#1191647).
   - CVE-2021-20292: Fixed object validation prior to performing operations
     on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
     (bnc#1183723).
   - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
     netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
     count is mishandled (bnc#1172456).
   - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
     drivers/block/floppy.c. The floppy driver will copy a kernel pointer to
     user memory in response to the FDGETPRM ioctl. An attacker can send the
     FDGETPRM ioctl and use the obtained kernel pointer to discover the
     location of kernel code and data and bypass kernel security protections
     such as KASLR (bnc#1084513).


   The following non-security bugs were fixed:

   - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
   - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
   - NFSv4: recover from pre-mature loss of openstateid (bsc#1196247).
   - NFSv4: Do not try to CLOSE if the stateid 'other' field has changed
     (bsc#1196247).
   - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (bsc#1196247).
   - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1196247).
   - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1196247).
   - NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
   - PCI/switchtec: Read all 64 bits of part_event_bitmap (git-fixes).
   - PCI: Add device even if driver attach failed (git-fixes).
   - PCI: Fix overflow in command-line resource alignment requests
     (git-fixes).
   - PCI: iproc: Fix out-of-bound array accesses (git-fixes).
   - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
   - PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
   - PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (git-fixes).
   - RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
   - RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
   - RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
   - SUNRPC: Handle low memory situations in call_status() (git-fixes).
   - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
     (git-fixes).
   - USB: core: Fix bug in resuming hub's handling of wakeup requests
     (git-fixes).
   - USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
   - USB: serial: pl2303: add IBM device IDs (git-fixes).
   - USB: serial: simple: add Nokia phone driver (git-fixes).
   - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
     (git-fixes).
   - arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
     (git-fixes)
   - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
   - arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
   - arm64: fix for bad_mode() handler to always result in panic (git-fixes)
   - arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
   - arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
   - arm64: kaslr: ensure randomized quantities are clean also when kaslr
     (git-fixes)
   - arm64: kaslr: ensure randomized quantities are clean to the PoC
     (git-fixes)
   - arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
   - arm64: only advance singlestep for user instruction traps (git-fixes)
   - arm64: relocatable: fix inconsistencies in linker script and options
     (git-fixes)
   - ath10k: fix max antenna gain unit (git-fixes).
   - ath6kl: fix control-message timeout (git-fixes).
   - ath6kl: fix division by zero in send path (git-fixes).
   - ath9k: Fix potential interrupt storm on queue reset (git-fixes).
   - b43: fix a lower bounds test (git-fixes).
   - b43legacy: fix a lower bounds test (git-fixes).
   - backlight: pwm_bl: Improve bootloader/kernel device handover
     (bsc#1129770)
   - bnx2x: fix napi API usage sequence (bsc#1198217).
   - can: gs_usb: fix use of uninitialized variable, detach device on
     reception of invalid USB data (git-fixes).
   - char/mwave: Adjust io port register size (git-fixes).
   - cifs: do not skip link targets when an I/O fails (bsc#1194625).
   - crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
   - fbmem: do not allow too huge resolutions (bsc#1129770)
   - fix parallelism for rpc tasks (bsc#1197663).
   - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
   - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
   - hwrng: atmel - disable trng on failure path (git-fixes).
   - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
     (git-fixes).
   - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
   - i40e: add correct exception tracing for XDP (git-fixes).
   - i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
   - ieee802154: atusb: fix uninit value in atusb_set_extended_addr
     (git-fixes).
   - io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros (git-fixes).
   - libertas: Fix possible memory leak in probe and disconnect (git-fixes).
   - libertas_tf: Fix possible memory leak in probe and disconnect
     (git-fixes).
   - livepatch: Do not block removal of patches that are safe to unload
     (bsc#1071995).
   - mac80211: mesh: fix potentially unaligned access (git-fixes).
   - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
   - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
   - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
   - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
   - media: lmedm04: Fix misuse of comma (git-fixes).
   - media: rc-loopback: return number of emitters rather than error
     (git-fixes).
   - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
   - media: uvc: do not do DMA on stack (git-fixes).
   - media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
   - media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
   - mt7601u: fix rx buffer refcounting (git-fixes).
   - mwifiex: Read a PCI register after writing the TX ring write pointer
     (git-fixes).
   - mwifiex: Send DELBA requests according to spec (git-fixes).
   - mxser: fix xmit_buf leak in activate when LSR == 0xff (git-fixes).
   - net/mlx5e: Reduce tc unsupported key print level (git-fixes).
   - net: davinci_emac: Fix incorrect masking of tx and rx error channel
     (git-fixes).
   - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
     (git-fixes).
   - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
   - net: stmicro: handle clk_prepare() failure during init (git-fixes).
   - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
     (git-fixes).
   - parisc/sticon: fix reverse colors (bsc#1129770)
   - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,
     git-fixes).
   - ppp: ensure minimum packet size in ppp_write() (git-fixes).
   - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
     (bsc#1198413).
   - random: check for signal_pending() outside of need_resched() check
     (git-fixes).
   - random: fix data race on crng_node_pool (git-fixes).
   - rtl8187: fix control-message timeouts (git-fixes).
   - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
     (git-fixes).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - tcp: Fix potential use-after-free due to double kfree() (bsc#1197075).
   - tcp: fix race condition when creating child sockets from syncookies
     (bsc#1197075).
   - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
   - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
   - usb: ulpi: Call of_node_put correctly (git-fixes).
   - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
   - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
   - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
     (bsc#1129770)
   - video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
   - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
   - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
     (bsc#1129770)
   - video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
   - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
     (bsc#1129770)
   - video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
   - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
   - wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
   - x86/pm: Save the MSR validity status at context setup (bsc#1114648).
   - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
     (git-fixes).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1114648).
   - xen/blkfront: fix comment for need_copy (git-fixes).
   - xen: detect uninitialized xenbus in xenbus_init (git-fixes).
   - xen: do not continue xenstore initialization in case of errors
     (git-fixes).
   - xen: fix is_xen_pmu() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1686=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1686=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1686=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1686=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1686=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.121.2
      kernel-default-debugsource-4.12.14-122.121.2
      kernel-default-extra-4.12.14-122.121.2
      kernel-default-extra-debuginfo-4.12.14-122.121.2

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.121.1
      kernel-obs-build-debugsource-4.12.14-122.121.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.121.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.121.2
      kernel-default-base-4.12.14-122.121.2
      kernel-default-base-debuginfo-4.12.14-122.121.2
      kernel-default-debuginfo-4.12.14-122.121.2
      kernel-default-debugsource-4.12.14-122.121.2
      kernel-default-devel-4.12.14-122.121.2
      kernel-syms-4.12.14-122.121.2

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.121.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.121.2
      kernel-macros-4.12.14-122.121.2
      kernel-source-4.12.14-122.121.2

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.121.2

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.121.2
      kernel-default-debugsource-4.12.14-122.121.2
      kernel-default-kgraft-4.12.14-122.121.2
      kernel-default-kgraft-devel-4.12.14-122.121.2
      kgraft-patch-4_12_14-122_121-default-1-8.5.2

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.121.2
      cluster-md-kmp-default-debuginfo-4.12.14-122.121.2
      dlm-kmp-default-4.12.14-122.121.2
      dlm-kmp-default-debuginfo-4.12.14-122.121.2
      gfs2-kmp-default-4.12.14-122.121.2
      gfs2-kmp-default-debuginfo-4.12.14-122.121.2
      kernel-default-debuginfo-4.12.14-122.121.2
      kernel-default-debugsource-4.12.14-122.121.2
      ocfs2-kmp-default-4.12.14-122.121.2
      ocfs2-kmp-default-debuginfo-4.12.14-122.121.2
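
The reboot note and the package versions above can be turned into a post-patch check that separates hosts still running the old kernel from hosts that are fully patched. This is an added example, not part of the SUSE advisory; it assumes `uname -r` reports the kernel as `<version>-<release>-<flavor>` (for example `4.12.14-122.121-default`) and that `kernel-default` is the flavor in use, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a SLE 12-SP5 host against SUSE-SU-2022:1686-1.
# FIXED is the kernel-default version-release prefix from the Package List.
FIXED="4.12.14-122.121"

# ver_cmp A B: compare dot/dash separated numeric fields.
# Prints -1 if A < B, 0 if equal, 1 if A > B. Missing fields count as 0.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# strip_flavor RELEASE: drop a trailing flavor suffix such as "-default"
# (assumed uname -r layout; a string without a flavor is returned unchanged).
strip_flavor() {
    printf '%s\n' "${1%-[a-z]*}"
}

# kernel_status RUNNING "INSTALLED...": RUNNING is the uname -r string,
# INSTALLED is a whitespace-separated list of installed kernel-default
# version-release strings (several can coexist on one host).
#   patched        - the running kernel is at or above the fixed build
#   reboot-pending - a fixed package is installed but an older kernel runs
#   vulnerable     - no fixed package is installed
kernel_status() {
    running=$(strip_flavor "$1")
    newest=""
    for v in $2; do
        if [ -z "$newest" ] || [ "$(ver_cmp "$v" "$newest")" = 1 ]; then
            newest=$v
        fi
    done
    if [ "$(ver_cmp "$running" "$FIXED")" != -1 ]; then
        echo patched
    elif [ -n "$newest" ] && [ "$(ver_cmp "$newest" "$FIXED")" != -1 ]; then
        echo reboot-pending
    else
        echo vulnerable
    fi
}

# Live check, run only when invoked with --check on the host itself.
if [ "${1:-}" = "--check" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default 2>/dev/null) || installed=""
    status=$(kernel_status "$(uname -r)" "$installed")
    echo "SUSE-SU-2022:1686-1: $status"
    case "$status" in
        patched) exit 0 ;;
        reboot-pending) exit 1 ;;
        *) exit 2 ;;
    esac
fi
```

The non-zero exit codes let a fleet job tell hosts that only need the reboot apart from hosts that still need the update installed.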


References:

   https://www.suse.com/security/cve/CVE-2018-7755.html
   https://www.suse.com/security/cve/CVE-2019-20811.html
   https://www.suse.com/security/cve/CVE-2021-20292.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-38208.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1280.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1419.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-28356.html
   https://www.suse.com/security/cve/CVE-2022-28748.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1084513
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1121726
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1137728
   https://bugzilla.suse.com/1172456
   https://bugzilla.suse.com/1183723
   https://bugzilla.suse.com/1187055
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1194625
   https://bugzilla.suse.com/1196018
   https://bugzilla.suse.com/1196247
   https://bugzilla.suse.com/1197075
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1197391
   https://bugzilla.suse.com/1197663
   https://bugzilla.suse.com/1197888
   https://bugzilla.suse.com/1197914
   https://bugzilla.suse.com/1198217
   https://bugzilla.suse.com/1198413
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198687
   https://bugzilla.suse.com/1198742
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1198989
   https://bugzilla.suse.com/1199012

May 16, 2022