SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2083-1
Rating:             important
References:         #1028340 #1065729 #1071995 #1114648 #1172456 
                    #1182171 #1183723 #1187055 #1191647 #1191958 
                    #1195651 #1196426 #1197099 #1197219 #1197343 
                    #1198400 #1198516 #1198660 #1198687 #1198742 
                    #1198825 #1199012 #1199063 #1199314 #1199399 
                    #1199426 #1199505 #1199605 #1199650 SLE-24124 
                    
Cross-References:   CVE-2019-20811 CVE-2021-20292 CVE-2021-20321
                    CVE-2021-33061 CVE-2021-38208 CVE-2021-39711
                    CVE-2021-43389 CVE-2022-1011 CVE-2022-1353
                    CVE-2022-1419 CVE-2022-1516 CVE-2022-1652
                    CVE-2022-1734 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-30594
CVSS scores:
                    CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Performance Computing 12-SP4
                    SUSE Linux Enterprise Live Patching 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that solves 19 vulnerabilities, contains one
   feature and has 10 fixes is now available.

Description:


   The SUSE Linux Enterprise 12 SP4 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
     cleanup routine and firmware download routine. (bnc#1199605)
   - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect
     Size Value. This could lead to local information disclosure with System
     execution privileges needed. User interaction is not needed for
     exploitation (bnc#1197219).
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2021-20321: Fixed a race condition accessing file object in the
     OverlayFS subsystem in the way users do rename in specific way with
     OverlayFS. A local user could have used this flaw to crash the system
     (bnc#1191647).
   - CVE-2022-1419: Fixed a concurrency use-after-free in
     vgem_gem_dumb_create (bsc#1198742).
   - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
   - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
     netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
     count is mishandled (bnc#1172456).
   - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
     BUG) by making a getsockname call after a certain type of failure of a
     bind call (bnc#1187055).
   - CVE-2022-1353: Fixed access controll to kernel memory in the
     pfkey_register function in net/key/af_key.c. (bnc#1198516)
   - CVE-2021-20292: Fixed object validation prior to performing operations
     on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
     (bnc#1183723).
   - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
     local attacker to retireve (partial) /etc/shadow hashes or any other
     data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

   The following non-security bugs were fixed:

   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bsc#1199399).
   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bsc#1199399).
   - debug: Lock down kgdb (bsc#1199426).
   - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
   - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099
     jsc#SLE-24124).
   - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
   - linux/dim: Add completions count to dim_sample (bsc#1197099
     jsc#SLE-24124).
   - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
   - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099
     jsc#SLE-24124).
   - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
   - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
   - linux/dim: Remove "net" prefix from internal DIM members (bsc#1197099
     jsc#SLE-24124).
   - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
   - linux/dim: Rename externally used net_dim members (bsc#1197099
     jsc#SLE-24124).
   - linux/dim: Rename net_dim_sample() to net_dim_update_sample()
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
   - net: ena: Add capabilities field with support for ENI stats capability
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: add device distinct log prefix to files (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Add first_interrupt field to napi struct (bsc#1197099
     jsc#SLE-24124).
   - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: add jiffies of last napi call to stats (bsc#1197099
     jsc#SLE-24124).
   - net: ena: add missing ethtool TX timestamping indication (bsc#1197099
     jsc#SLE-24124).
   - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
   - net: ena: add support for reporting of packet drops (bsc#1197099
     jsc#SLE-24124).
   - net: ena: add support for the rx offset feature (bsc#1197099
     jsc#SLE-24124).
   - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
   - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099
     jsc#SLE-24124).
   - net: ena: aggregate stats increase into a function (bsc#1197099
     jsc#SLE-24124).
   - net: ena: allow setting the hash function without changing the key
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: avoid memory access violation by validating req_id properly
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: avoid unnecessary admin command when RSS function set fails
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: avoid unnecessary rearming of interrupt vector when
     busy-polling (bsc#1197099 jsc#SLE-24124).
   - net: ena: Capitalize all log strings and improve code readability
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: change default RSS hash function to Toeplitz (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Change ENI stats support check to use capabilities field
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: Change license into format to SPDX in all files (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Change log message to netif/dev function (bsc#1197099
     jsc#SLE-24124).
   - net: ena: change num_queues to num_io_queues for clarity and consistency
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: Change return value of ena_calc_io_queue_size() to void
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: Change RSS related macros and variables names (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Change the name of bad_csum variable (bsc#1197099
     jsc#SLE-24124).
   - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
   - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099
     jsc#SLE-24124).
   - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: extract code to ena_indirection_table_set()
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: fix spelling and grammar mistakes in comments
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h
     macros (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation()
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099
     jsc#SLE-24124).
   - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
   - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
   - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099
     jsc#SLE-24124).
   - net: ena: enable support of rss hash key and function changes
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: enable the interrupt_moderation in driver_supported_features
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
   - net: ena: ethtool: clean up minor indentation issue (bsc#1197099
     jsc#SLE-24124).
   - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099
     jsc#SLE-24124).
   - net: ena: ethtool: get_channels: use combined only (bsc#1197099
     jsc#SLE-24124).
   - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099
     jsc#SLE-24124).
   - net: ena: ethtool: support set_channels callback (bsc#1197099
     jsc#SLE-24124).
   - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
   - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix default tx interrupt moderation interval (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Fix error handling when calculating max IO queues number
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix error returning in ena_com_get_hash_function()
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix incorrect setting of the number of msix vectors     (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix incorrectly saving queue numbers when setting RSS
     indirection table (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix issues in setting interrupt moderation params in ethtool
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: fix update of interrupt moderation register (bsc#1197099
     jsc#SLE-24124).
   - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
   - net: ena: Fix using plain integer as NULL pointer in
     ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
   - net: ena: Fix wrong rx request id by resetting device (bsc#1197099
     jsc#SLE-24124).
   - net: ena: handle bad request id in ena_netdev (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
   - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099
     jsc#SLE-24124).
   - net: ena: make ethtool -l show correct max number of queues (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
   - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099
     jsc#SLE-24124).
   - net: ena: move llq configuration from ena_probe to ena_device_init()
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: Move reset completion print to the reset function (bsc#1197099
     jsc#SLE-24124).
   - net: ena: multiple queue creation related cleanups (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Prevent reset after device destruction (bsc#1197099
     jsc#SLE-24124).
   - net: ena: re-organize code to improve readability (bsc#1197099
     jsc#SLE-24124).
   - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
   - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
   - net: ena: remove all old adaptive rx interrupt moderation code from
     ena_com (bsc#1197099 jsc#SLE-24124).
   - net: ena: remove code duplication in
     ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099
     jsc#SLE-24124).
   - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
   - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099
     jsc#SLE-24124).
   - net: ena: remove ena_restore_ethtool_params() and relevant fields
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
   - net: ena: Remove module param and change message severity (bsc#1197099
     jsc#SLE-24124).
   - net: ena: remove old adaptive interrupt moderation code from ena_netdev
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: remove redundant print of number of queues (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Remove redundant print of placement policy (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
   - net: ena: remove set but not used variable 'hash_key' (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
   - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099
     jsc#SLE-24124).
   - net: ena: rss: do not allocate key when not supported (bsc#1197099
     jsc#SLE-24124).
   - net: ena: rss: fix failure to get indirection table (bsc#1197099
     jsc#SLE-24124).
   - net: ena: rss: store hash function as values and not bits (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
   - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099
     jsc#SLE-24124).
   - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099
     jsc#SLE-24124).
   - net: ena: store values in their appropriate variables types (bsc#1197099
     jsc#SLE-24124).
   - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
   - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
     (bsc#1197099 jsc#SLE-24124).
   - net: ena: use constant value for net_device allocation (bsc#1197099
     jsc#SLE-24124).
   - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099
     jsc#SLE-24124).
   - net: ena: use explicit variable size for clarity (bsc#1197099
     jsc#SLE-24124).
   - net: ena: use SHUTDOWN as reset reason when closing interface
     (bsc#1197099 jsc#SLE-24124).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - net: update net_dim documentation after rename (bsc#1197099
     jsc#SLE-24124).
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - powerpc/pseries: extract host bridge from pci_bus prior to bus removal
     (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
   - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
     bsc#1198660 ltc#197803).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - x86/pm: Save the MSR validity status at context setup (bsc#1114648).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1114648).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2083=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2083=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2083=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2083=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2083=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2083=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      kernel-devel-4.12.14-95.99.2
      kernel-macros-4.12.14-95.99.2
      kernel-source-4.12.14-95.99.2

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      kernel-default-4.12.14-95.99.3
      kernel-default-base-4.12.14-95.99.3
      kernel-default-base-debuginfo-4.12.14-95.99.3
      kernel-default-debuginfo-4.12.14-95.99.3
      kernel-default-debugsource-4.12.14-95.99.3
      kernel-default-devel-4.12.14-95.99.3
      kernel-default-devel-debuginfo-4.12.14-95.99.3
      kernel-syms-4.12.14-95.99.2

   - SUSE OpenStack Cloud 9 (noarch):

      kernel-devel-4.12.14-95.99.2
      kernel-macros-4.12.14-95.99.2
      kernel-source-4.12.14-95.99.2

   - SUSE OpenStack Cloud 9 (x86_64):

      kernel-default-4.12.14-95.99.3
      kernel-default-base-4.12.14-95.99.3
      kernel-default-base-debuginfo-4.12.14-95.99.3
      kernel-default-debuginfo-4.12.14-95.99.3
      kernel-default-debugsource-4.12.14-95.99.3
      kernel-default-devel-4.12.14-95.99.3
      kernel-default-devel-debuginfo-4.12.14-95.99.3
      kernel-syms-4.12.14-95.99.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      kernel-default-4.12.14-95.99.3
      kernel-default-base-4.12.14-95.99.3
      kernel-default-base-debuginfo-4.12.14-95.99.3
      kernel-default-debuginfo-4.12.14-95.99.3
      kernel-default-debugsource-4.12.14-95.99.3
      kernel-default-devel-4.12.14-95.99.3
      kernel-syms-4.12.14-95.99.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      kernel-devel-4.12.14-95.99.2
      kernel-macros-4.12.14-95.99.2
      kernel-source-4.12.14-95.99.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-95.99.3

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-95.99.3
      kernel-default-base-4.12.14-95.99.3
      kernel-default-base-debuginfo-4.12.14-95.99.3
      kernel-default-debuginfo-4.12.14-95.99.3
      kernel-default-debugsource-4.12.14-95.99.3
      kernel-default-devel-4.12.14-95.99.3
      kernel-syms-4.12.14-95.99.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):

      kernel-default-devel-debuginfo-4.12.14-95.99.3

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      kernel-devel-4.12.14-95.99.2
      kernel-macros-4.12.14-95.99.2
      kernel-source-4.12.14-95.99.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):

      kernel-default-man-4.12.14-95.99.3

   - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):

      kernel-default-kgraft-4.12.14-95.99.3
      kernel-default-kgraft-devel-4.12.14-95.99.3
      kgraft-patch-4_12_14-95_99-default-1-6.3.3

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-95.99.3
      cluster-md-kmp-default-debuginfo-4.12.14-95.99.3
      dlm-kmp-default-4.12.14-95.99.3
      dlm-kmp-default-debuginfo-4.12.14-95.99.3
      gfs2-kmp-default-4.12.14-95.99.3
      gfs2-kmp-default-debuginfo-4.12.14-95.99.3
      kernel-default-debuginfo-4.12.14-95.99.3
      kernel-default-debugsource-4.12.14-95.99.3
      ocfs2-kmp-default-4.12.14-95.99.3
      ocfs2-kmp-default-debuginfo-4.12.14-95.99.3


References:

   https://www.suse.com/security/cve/CVE-2019-20811.html
   https://www.suse.com/security/cve/CVE-2021-20292.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2021-38208.html
   https://www.suse.com/security/cve/CVE-2021-39711.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1419.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1172456
   https://bugzilla.suse.com/1182171
   https://bugzilla.suse.com/1183723
   https://bugzilla.suse.com/1187055
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1197099
   https://bugzilla.suse.com/1197219
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1198400
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198660
   https://bugzilla.suse.com/1198687
   https://bugzilla.suse.com/1198742
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1199012
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199399
   https://bugzilla.suse.com/1199426
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199650

SUSE: 2022:2083-1 important: the Linux Kernel

June 14, 2022
An update that solves 19 vulnerabilities, contains one feature and has 10 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).

References

#1028340 #1065729 #1071995 #1114648 #1172456

#1182171 #1183723 #1187055 #1191647 #1191958

#1195651 #1196426 #1197099 #1197219 #1197343

#1198400 #1198516 #1198660 #1198687 #1198742

#1198825 #1199012 #1199063 #1199314 #1199399

#1199426 #1199505 #1199605 #1199650 SLE-24124

Cross- CVE-2019-20811 CVE-2021-20292 CVE-2021-20321

CVE-2021-33061 CVE-2021-38208 CVE-2021-39711

CVE-2021-43389 CVE-2022-1011 CVE-2022-1353

CVE-2022-1419 CVE-2022-1516 CVE-2022-1652

CVE-2022-1734 CVE-2022-21123 CVE-2022-21125

CVE-2022-21127 CVE-2022-21166 CVE-2022-21180

CVE-2022-30594

CVSS scores:

CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Availability 12-SP4

SUSE Linux Enterprise High Performance Computing 12-SP4

SUSE Linux Enterprise Live Patching 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2019-20811.html

https://www.suse.com/security/cve/CVE-2021-20292.html

https://www.suse.com/security/cve/CVE-2021-20321.html

https://www.suse.com/security/cve/CVE-2021-33061.html

https://www.suse.com/security/cve/CVE-2021-38208.html

https://www.suse.com/security/cve/CVE-2021-39711.html

https://www.suse.com/security/cve/CVE-2021-43389.html

https://www.suse.com/security/cve/CVE-2022-1011.html

https://www.suse.com/security/cve/CVE-2022-1353.html

https://www.suse.com/security/cve/CVE-2022-1419.html

https://www.suse.com/security/cve/CVE-2022-1516.html

https://www.suse.com/security/cve/CVE-2022-1652.html

https://www.suse.com/security/cve/CVE-2022-1734.html

https://www.suse.com/security/cve/CVE-2022-21123.html

https://www.suse.com/security/cve/CVE-2022-21125.html

https://www.suse.com/security/cve/CVE-2022-21127.html

https://www.suse.com/security/cve/CVE-2022-21166.html

https://www.suse.com/security/cve/CVE-2022-21180.html

https://www.suse.com/security/cve/CVE-2022-30594.html

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1172456

https://bugzilla.suse.com/1182171

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1197099

https://bugzilla.suse.com/1197219

https://bugzilla.suse.com/1197343

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199399

https://bugzilla.suse.com/1199426

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199650

Severity
Announcement ID: SUSE-SU-2022:2083-1
Rating: important

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved