SUSE: 2022:2104-1 important: the Linux Kernel | LinuxSecurity.com

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2104-1
Rating:             important
References:         #1028340 #1065729 #1071995 #1158266 #1177282 
                    #1191647 #1195651 #1195926 #1196114 #1196367 
                    #1196426 #1196433 #1196514 #1196570 #1196942 
                    #1197157 #1197343 #1197472 #1197656 #1197660 
                    #1197895 #1198330 #1198400 #1198484 #1198516 
                    #1198577 #1198660 #1198687 #1198778 #1198825 
                    #1199012 #1199063 #1199314 #1199505 #1199507 
                    #1199605 #1199650 #1199918 #1200015 #1200143 
                    #1200144 #1200249 SLE-18234 
Cross-References:   CVE-2019-19377 CVE-2020-26541 CVE-2021-20321
                    CVE-2021-33061 CVE-2022-0168 CVE-2022-1011
                    CVE-2022-1158 CVE-2022-1184 CVE-2022-1353
                    CVE-2022-1516 CVE-2022-1652 CVE-2022-1729
                    CVE-2022-1734 CVE-2022-1966 CVE-2022-1974
                    CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-28893 CVE-2022-30594
CVSS scores:
                    CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves 23 vulnerabilities, contains one
   feature and has 19 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP2 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-0168: Fixed a NULL pointer dereference in
     smb2_ioctl_query_info. (bsc#1197472)
   - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.
     This flaw allowed a local attacker with user access to cause a privilege
     escalation issue. (bnc#1200015)
   - CVE-2022-28893: Ensuring that sockets are in the intended state inside
     the SUNRPC subsystem (bnc#1198330).
   - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the
     user address (bsc#1197660).
   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
     kernel by simulating nfc device from user-space. (bsc#1200143)
   - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
     simulating an nfc device from user-space. (bsc#1200144)
   - CVE-2020-26541: Enforce the secure boot forbidden signature database
     (aka dbx) protection mechanism. (bnc#1177282)
   - CVE-2019-19377: Fixed an user-after-free that could be triggered when an
     attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
   - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
     (bsc#1199507).
   - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
     mounting and operating on a corrupted image. (bsc#1198577)
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
     cleanup routine and firmware download routine. (bnc#1199605)
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2021-20321: Fixed a race condition accessing file object in the
     OverlayFS subsystem in the way users do rename in specific way with
     OverlayFS. A local user could have used this flaw to crash the system
     (bnc#1191647).
   - CVE-2022-1353: Fixed access controll to kernel memory in the
     pfkey_register function in net/key/af_key.c. (bnc#1198516)
   - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
     local attacker to retireve (partial) /etc/shadow hashes or any other
     data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

   The following non-security bugs were fixed:

   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - cifs: fix bad fids sent over wire (bsc#1197157).
   - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
   - direct-io: defer alignment check until after the EOF check (bsc#1197656).
   - direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
   - net: ena: A typo fix in the file ena_com.h (bsc#1198778).
   - net: ena: Add capabilities field with support for ENI stats capability
     (bsc#1198778).
   - net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
   - net: ena: add device distinct log prefix to files (bsc#1198778).
   - net: ena: add jiffies of last napi call to stats (bsc#1198778).
   - net: ena: aggregate doorbell common operations into a function
     (bsc#1198778).
   - net: ena: aggregate stats increase into a function (bsc#1198778).
   - net: ena: Change ENI stats support check to use capabilities field
     (bsc#1198778).
   - net: ena: Change return value of ena_calc_io_queue_size() to void
     (bsc#1198778).
   - net: ena: Change the name of bad_csum variable (bsc#1198778).
   - net: ena: Extract recurring driver reset code into a function
     (bsc#1198778).
   - net: ena: fix coding style nits (bsc#1198778).
   - net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
   - net: ena: Fix error handling when calculating max IO queues number
     (bsc#1198778).
   - net: ena: fix inaccurate print type (bsc#1198778).
   - net: ena: Fix undefined state when tx request id is out of bounds
     (bsc#1198778).
   - net: ena: Fix wrong rx request id by resetting device (bsc#1198778).
   - net: ena: Improve error logging in driver (bsc#1198778).
   - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
     (bsc#1198778).
   - net: ena: introduce XDP redirect implementation (bsc#1198778).
   - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
   - net: ena: Move reset completion print to the reset function
     (bsc#1198778).
   - net: ena: optimize data access in fast-path code (bsc#1198778).
   - net: ena: re-organize code to improve readability (bsc#1198778).
   - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
   - net: ena: remove extra words from comments (bsc#1198778).
   - net: ena: Remove module param and change message severity (bsc#1198778).
   - net: ena: Remove rcu_read_lock() around XDP program invocation
     (bsc#1198778).
   - net: ena: Remove redundant return code check (bsc#1198778).
   - net: ena: Remove unused code (bsc#1198778).
   - net: ena: store values in their appropriate variables types
     (bsc#1198778).
   - net: ena: Update XDP verdict upon failure (bsc#1198778).
   - net: ena: use build_skb() in RX path (bsc#1198778).
   - net: ena: use constant value for net_device allocation (bsc#1198778).
   - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
   - net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
   - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918).
   - ping: remove pr_err from ping_lookup (bsc#1199918).
   - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
     ltc#196449).
   - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
   - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
     bsc#1198660 ltc#197803).
   - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
   - video: hyperv_fb: Fix validation of screen resolution (git-fixes).
   - x86/pm: Save the MSR validity status at context setup (bsc#1198400).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1198400).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2104=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2104=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2104=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2104=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2104=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2104=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2104=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2104=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2104=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2104=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-2104=1



Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Server 4.1 (x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Server 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Manager Proxy 4.1 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Manager Proxy 4.1 (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):

      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-livepatch-5.3.18-150200.24.115.1
      kernel-default-livepatch-devel-5.3.18-150200.24.115.1
      kernel-livepatch-5_3_18-150200_24_115-default-1-150200.5.3.1
      kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-1-150200.5.3.1
      kernel-livepatch-SLE15-SP2_Update_27-debugsource-1-150200.5.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150200.24.115.1
      cluster-md-kmp-default-debuginfo-5.3.18-150200.24.115.1
      dlm-kmp-default-5.3.18-150200.24.115.1
      dlm-kmp-default-debuginfo-5.3.18-150200.24.115.1
      gfs2-kmp-default-5.3.18-150200.24.115.1
      gfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      ocfs2-kmp-default-5.3.18-150200.24.115.1
      ocfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      kernel-default-5.3.18-150200.24.115.1
      kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1
      kernel-default-debuginfo-5.3.18-150200.24.115.1
      kernel-default-debugsource-5.3.18-150200.24.115.1
      kernel-default-devel-5.3.18-150200.24.115.1
      kernel-default-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-obs-build-5.3.18-150200.24.115.1
      kernel-obs-build-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-5.3.18-150200.24.115.1
      kernel-preempt-debuginfo-5.3.18-150200.24.115.1
      kernel-preempt-debugsource-5.3.18-150200.24.115.1
      kernel-preempt-devel-5.3.18-150200.24.115.1
      kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1
      kernel-syms-5.3.18-150200.24.115.1
      reiserfs-kmp-default-5.3.18-150200.24.115.1
      reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1

   - SUSE Enterprise Storage 7 (noarch):

      kernel-devel-5.3.18-150200.24.115.1
      kernel-docs-5.3.18-150200.24.115.1
      kernel-macros-5.3.18-150200.24.115.1
      kernel-source-5.3.18-150200.24.115.1


References:

   https://www.suse.com/security/cve/CVE-2019-19377.html
   https://www.suse.com/security/cve/CVE-2020-26541.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2022-0168.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1158.html
   https://www.suse.com/security/cve/CVE-2022-1184.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1729.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-28893.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1158266
   https://bugzilla.suse.com/1177282
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1195926
   https://bugzilla.suse.com/1196114
   https://bugzilla.suse.com/1196367
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1196433
   https://bugzilla.suse.com/1196514
   https://bugzilla.suse.com/1196570
   https://bugzilla.suse.com/1196942
   https://bugzilla.suse.com/1197157
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1197472
   https://bugzilla.suse.com/1197656
   https://bugzilla.suse.com/1197660
   https://bugzilla.suse.com/1197895
   https://bugzilla.suse.com/1198330
   https://bugzilla.suse.com/1198400
   https://bugzilla.suse.com/1198484
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198577
   https://bugzilla.suse.com/1198660
   https://bugzilla.suse.com/1198687
   https://bugzilla.suse.com/1198778
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1199012
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199507
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1199918
   https://bugzilla.suse.com/1200015
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200249

SUSE: 2022:2104-1 important: the Linux Kernel

June 16, 2022
An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cifs: fix bad fids sent over wire (bsc#1197157). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - net: ena: A typo fix in the file ena_com.h (bsc#1198778). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778). - net: ena: Fix wrong rx request id by resetting device (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: optimize data access in fast-path code (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918). - ping: remove pr_err from ping_lookup (bsc#1199918). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).

References

#1028340 #1065729 #1071995 #1158266 #1177282

#1191647 #1195651 #1195926 #1196114 #1196367

#1196426 #1196433 #1196514 #1196570 #1196942

#1197157 #1197343 #1197472 #1197656 #1197660

#1197895 #1198330 #1198400 #1198484 #1198516

#1198577 #1198660 #1198687 #1198778 #1198825

#1199012 #1199063 #1199314 #1199505 #1199507

#1199605 #1199650 #1199918 #1200015 #1200143

#1200144 #1200249 SLE-18234

Cross- CVE-2019-19377 CVE-2020-26541 CVE-2021-20321

CVE-2021-33061 CVE-2022-0168 CVE-2022-1011

CVE-2022-1158 CVE-2022-1184 CVE-2022-1353

CVE-2022-1516 CVE-2022-1652 CVE-2022-1729

CVE-2022-1734 CVE-2022-1966 CVE-2022-1974

CVE-2022-1975 CVE-2022-21123 CVE-2022-21125

CVE-2022-21127 CVE-2022-21166 CVE-2022-21180

CVE-2022-28893 CVE-2022-30594

CVSS scores:

CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Availability 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP2

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS

SUSE Linux Enterprise Module for Live Patching 15-SP2

SUSE Linux Enterprise Server 15-SP2

SUSE Linux Enterprise Server 15-SP2-BCL

SUSE Linux Enterprise Server 15-SP2-LTSS

SUSE Linux Enterprise Server for SAP 15-SP2

SUSE Linux Enterprise Server for SAP Applications 15-SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

https://www.suse.com/security/cve/CVE-2019-19377.html

https://www.suse.com/security/cve/CVE-2020-26541.html

https://www.suse.com/security/cve/CVE-2021-20321.html

https://www.suse.com/security/cve/CVE-2021-33061.html

https://www.suse.com/security/cve/CVE-2022-0168.html

https://www.suse.com/security/cve/CVE-2022-1011.html

https://www.suse.com/security/cve/CVE-2022-1158.html

https://www.suse.com/security/cve/CVE-2022-1184.html

https://www.suse.com/security/cve/CVE-2022-1353.html

https://www.suse.com/security/cve/CVE-2022-1516.html

https://www.suse.com/security/cve/CVE-2022-1652.html

https://www.suse.com/security/cve/CVE-2022-1729.html

https://www.suse.com/security/cve/CVE-2022-1734.html

https://www.suse.com/security/cve/CVE-2022-1966.html

https://www.suse.com/security/cve/CVE-2022-1974.html

https://www.suse.com/security/cve/CVE-2022-1975.html

https://www.suse.com/security/cve/CVE-2022-21123.html

https://www.suse.com/security/cve/CVE-2022-21125.html

https://www.suse.com/security/cve/CVE-2022-21127.html

https://www.suse.com/security/cve/CVE-2022-21166.html

https://www.suse.com/security/cve/CVE-2022-21180.html

https://www.suse.com/security/cve/CVE-2022-28893.html

https://www.suse.com/security/cve/CVE-2022-30594.html

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1196114

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1196433

https://bugzilla.suse.com/1196514

https://bugzilla.suse.com/1196570

https://bugzilla.suse.com/1196942

https://bugzilla.suse.com/1197157

https://bugzilla.suse.com/1197343

https://bugzilla.suse.com/1197472

https://bugzilla.suse.com/1197656

https://bugzilla.suse.com/1197660

https://bugzilla.suse.com/1197895

https://bugzilla.suse.com/1198330

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198484

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198778

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1199918

https://bugzilla.suse.com/1200015

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200249

Severity
Announcement ID: SUSE-SU-2022:2104-1
Rating: important

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.