
   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2116-1
Rating:             important
References:         #1024718 #1055117 #1061840 #1065729 #1129770 
                    #1158266 #1162338 #1162369 #1173871 #1188885 
                    #1194124 #1195651 #1196426 #1196570 #1197219 
                    #1197601 #1198438 #1198577 #1198899 #1199035 
                    #1199063 #1199237 #1199239 #1199314 #1199399 
                    #1199426 #1199505 #1199507 #1199526 #1199602 
                    #1199605 #1199606 #1199631 #1199650 #1199671 
                    #1199839 #1200015 #1200045 #1200057 #1200143 
                    #1200144 #1200173 #1200249 
Cross-References:   CVE-2019-19377 CVE-2021-33061 CVE-2021-39711
                    CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
                    CVE-2022-1734 CVE-2022-1966 CVE-2022-1974
                    CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-21499 CVE-2022-30594
CVSS scores:
                    CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 26 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via spectre like
     attacks. (bsc#1199650)
   - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
     kernel by simulating nfc device from user-space. (bsc#1200143)
   - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
     simulating an nfc device from user-space. (bsc#1200144)
   - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.
     This flaw allowed a local attacker with user access to cause a privilege
     escalation issue. (bnc#1200015)
   - CVE-2019-19377: Fixed an user-after-free that could be triggered when an
     attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
   - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
     (bsc#1199507).
   - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
     mounting and operating on a corrupted image. (bsc#1198577)
   - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's
     been trivial to break out of it with kgdb or kdb. (bsc#1199426)
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
     cleanup routine and firmware download routine. (bnc#1199605)
   - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
     possible out of bounds read due to Incorrect Size Value. This could lead
     to local information disclosure with System execution privileges needed.
     User interaction is not needed for exploitation (bnc#1197219).
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).

   The following non-security bugs were fixed:

   - ACPI: property: Release subnode properties with data nodes (git-fixes).
   - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
   - arm64: set plt* section addresses to 0x0 (git-fixes)
   - arm64: Add missing ISB after invalidating TLB in __primary_switch
     (git-fixes)
   - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
   - arm64: avoid -Woverride-init warning (git-fixes)
   - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default
     config too.
   - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
   - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
     (git-fixes).
   - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
   - arm64: compat: Reduce address limit (git-fixes)
   - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
     (git-fixes)
   - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
   - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
   - arm64: csum: Fix handling of bad packets (git-fixes)
   - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
     (git-fixes)
   - arm64: debug: Ensure debug handlers check triggering exception level
     (git-fixes)
   - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
   - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
   - arm64: Extend workaround for erratum 1024718 to all versions of
     (git-fixes)
   - arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
   - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
   - arm64: Fix size of __early_cpu_boot_status (git-fixes)
   - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
   - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
   - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
     (git-fixes)
   - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
     (git-fixes)
   - arm64: futex: Restore oldval initialization to work around buggy
     (git-fixes)
   - arm64: hibernate: check pgd table allocation (git-fixes)
   - arm64: hugetlb: avoid potential NULL dereference (git-fixes)
   - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess
     (git-fixes)
   - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
   - arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
   - arm64: kgdb: Fix single-step exception handling oops (git-fixes)
   - arm64: kprobes: Recover pstate.D in single-step exception handler
     (git-fixes)
   - arm64: module: remove (NOLOAD) from linker script (git-fixes)
   - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
   - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
   - arm64: ptrace: Override SPSR.SS when single-stepping is enabled
     (git-fixes)
   - arm64: Relax GIC version check during early boot (git-fixes)
   - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
   - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
   - arm64: smp: fix smp_send_stop() behaviour (git-fixes)
   - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess
     (git-fixes)
   - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
     (git-fixes)
   - arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
   - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
   - bonding: pair enable_port with slave_arr_updates (git-fixes).
   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bsc#1199399).
   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
     cpuset_init_smp() (bsc#1199839).
   - cputime, cpuacct: Include guest time in user time in (git-fixes)
   - crypto: arm64/aes-neonbs - do not access already-freed walk.iv
     (git-fixes)
   - crypto: ixp4xx - dma_unmap the correct address (git-fixes).
   - crypto: qat - do not cast parameter in bit operations (git-fixes).
   - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
     (bsc#1197601).
   - crypto: virtio - deal with unsupported input sizes (git-fixes).
   - crypto: virtio: Fix dest length calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - drbd: fix an invalid memory access caused by incorrect use of list
     iterator (git-fixes).
   - drbd: Fix five use after free bugs in get_initial_state (git-fixes).
   - drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
   - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
   - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
   - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
   - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
     (git-fixes).
   - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
   - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
   - i40e: Refactoring VF MAC filters counting to make more reliable
     (git-fixes).
   - i40e: Remove scheduling while atomic possibility (git-fixes).
   - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
   - Input: aiptek - properly check endpoint type (git-fixes).
   - Input: appletouch - initialize work before device registration
     (git-fixes).
   - Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
   - Input: spaceball - fix parsing of movement data packets (git-fixes).
   - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
   - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
   - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
   - KVM: PPC: Propagate errors to the guest when failed instead of ignoring
     (bsc#1061840 git-fixes).
   - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
   - media: cpia2: fix control-message timeouts (git-fixes).
   - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
   - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
   - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
   - media: em28xx: fix control-message timeouts.
   - media: flexcop-usb: fix control-message timeouts (git-fixes).
   - media: mceusb: fix control-message timeouts (git-fixes).
   - media: mtk-vpu: Fix a resource leak in the error handling path of
     'mtk_vpu_probe()' (git-fixes).
   - media: netup_unidvb: Do not leak SPI master in probe error path
     (git-fixes).
   - media: pvrusb2: fix control-message timeouts (git-fixes).
   - media: redrat3: fix control-message timeouts (git-fixes).
   - media: s2255: fix control-message timeouts (git-fixes).
   - media: stk1160: fix control-message timeouts (git-fixes).
   - media: vim2m: Remove surplus name initialization (git-fixes).
   - mm, page_alloc: fix build_zonerefs_node() (git-fixes).
   - net: bcmgenet: Do not claim WOL when its not available (git-fixes).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - net: qlogic: check the return value of dma_alloc_coherent() in
     qed_vf_hw_prepare() (git-fixes).
   - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
     (git-fixes).
   - netfilter: conntrack: connection timeout after re-register (bsc#1199035).
   - netfilter: conntrack: move synack init code to helper (bsc#1199035).
   - netfilter: conntrack: re-init state for retransmitted syn-ack
     (bsc#1199035).
   - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
     (bsc#1199035).
   - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
   - netfilter: nf_tables: disallow non-stateful expression in sets earlier
     (bsc#1200015).
   - NFS: Do not invalidate inode attributes on delegation return (git-fixes).
   - NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
   - PCI / ACPI: Mark expected switch fall-through (git-fixes).
   - PCI: Do not enable AtomicOps on VFs (bsc#1129770)
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
     ltc#159753).
   - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
   - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
     (bsc#1061840 git-fixes).
   - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173
     ltc#198329).
   - powerpc/powernv: Get L1D flush requirements from device-tree
     (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/powernv: Get STF barrier requirements from device-tree
     (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
     flushes (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/xive: Add some error handling code to 'xive_spapr_init()'
     (git-fixes).
   - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
   - qed: display VF trust config (git-fixes).
   - qed: return status of qed_iov_get_link (git-fixes).
   - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
   - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
   - sched/core: Add __sched tag for io_schedule() (git-fixes)
   - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
   - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
   - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
   - scsi: fnic: Fix a tracing statement (git-fixes).
   - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
   - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
   - scsi: pm8001: Fix abort all task initialization (git-fixes).
   - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
     (git-fixes).
   - scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in
     pm80xx_set_sas_protocol_timer_config() (git-fixes).
   - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
   - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
   - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
     (git-fixes).
   - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
     (git-fixes).
   - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
   - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
   - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
   - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
   - scsi: sr: Do not leak information in ioctl (git-fixes).
   - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit
     (git-fixes).
   - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
   - smp: Fix offline cpu check in flush_smp_call_function_queue()
     (git-fixes).
   - SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
   - SUNRPC: Ensure that the gssproxy client can start in a connected state
     (git-fixes).
   - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
   - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
     (bsc#1065729).
   - USB: cdc-wdm: fix reading stuck on device close (git-fixes).
   - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
   - USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
   - USB: hub: Fix locking issues with address0_mutex (git-fixes).
   - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
   - USB: quirks: add a Realtek card reader (git-fixes).
   - USB: quirks: add STRING quirk for VCOM device (git-fixes).
   - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
   - USB: serial: option: add Fibocom L610 modem (git-fixes).
   - USB: serial: option: add Fibocom MA510 modem (git-fixes).
   - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
     (git-fixes).
   - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
     (git-fixes).
   - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
   - USB: serial: qcserial: add support for Sierra Wireless EM7590
     (git-fixes).
   - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
     (git-fixes).
   - veth: Ensure eth header is in skb's linear part (git-fixes).
   - video: backlight: Drop maximum brightness override for brightness
     (bsc#1129770)
   - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
   - vxlan: fix memleak of fdb (git-fixes).
   - xhci: stop polling roothubs after shutdown (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2116=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2116=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-extra-4.12.14-122.124.3
      kernel-default-extra-debuginfo-4.12.14-122.124.3

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.124.3
      kernel-obs-build-debugsource-4.12.14-122.124.3

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.124.3
      kernel-default-base-4.12.14-122.124.3
      kernel-default-base-debuginfo-4.12.14-122.124.3
      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-devel-4.12.14-122.124.3
      kernel-syms-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.124.3

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.124.2
      kernel-macros-4.12.14-122.124.2
      kernel-source-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.124.3

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-kgraft-4.12.14-122.124.3
      kernel-default-kgraft-devel-4.12.14-122.124.3
      kgraft-patch-4_12_14-122_124-default-1-8.3.3

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.124.3
      cluster-md-kmp-default-debuginfo-4.12.14-122.124.3
      dlm-kmp-default-4.12.14-122.124.3
      dlm-kmp-default-debuginfo-4.12.14-122.124.3
      gfs2-kmp-default-4.12.14-122.124.3
      gfs2-kmp-default-debuginfo-4.12.14-122.124.3
      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      ocfs2-kmp-default-4.12.14-122.124.3
      ocfs2-kmp-default-debuginfo-4.12.14-122.124.3


References:

   https://www.suse.com/security/cve/CVE-2019-19377.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2021-39711.html
   https://www.suse.com/security/cve/CVE-2022-1184.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1729.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-21499.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1024718
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1061840
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1158266
   https://bugzilla.suse.com/1162338
   https://bugzilla.suse.com/1162369
   https://bugzilla.suse.com/1173871
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1194124
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1196570
   https://bugzilla.suse.com/1197219
   https://bugzilla.suse.com/1197601
   https://bugzilla.suse.com/1198438
   https://bugzilla.suse.com/1198577
   https://bugzilla.suse.com/1198899
   https://bugzilla.suse.com/1199035
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199237
   https://bugzilla.suse.com/1199239
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199399
   https://bugzilla.suse.com/1199426
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199507
   https://bugzilla.suse.com/1199526
   https://bugzilla.suse.com/1199602
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199606
   https://bugzilla.suse.com/1199631
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1199671
   https://bugzilla.suse.com/1199839
   https://bugzilla.suse.com/1200015
   https://bugzilla.suse.com/1200045
   https://bugzilla.suse.com/1200057
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200173
   https://bugzilla.suse.com/1200249

SUSE: 2022:2116-1 important: the Linux Kernel

June 20, 2022

An update that solves 17 vulnerabilities and has 26 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770) - arm64: set plt* section addresses to 0x0 (git-fixes) - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes) - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes) - arm64: avoid -Woverride-init warning (git-fixes) - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too. - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes) - arm64: compat: Reduce address limit (git-fixes) - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes) - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes) - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes) - arm64: csum: Fix handling of bad packets (git-fixes) - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes) - arm64: debug: Ensure debug handlers check triggering exception level (git-fixes) - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes) - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: Fix HCR.TGE status for NMI contexts (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: Fix size of __early_cpu_boot_status (git-fixes) - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes) - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes) - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes) - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes) - arm64: futex: Restore oldval initialization to work around buggy (git-fixes) - arm64: hibernate: check pgd table allocation (git-fixes) - arm64: hugetlb: avoid potential NULL dereference (git-fixes) - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes) - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes) - arm64: kdump: update ppos when reading elfcorehdr (git-fixes) - arm64: kgdb: Fix single-step exception handling oops (git-fixes) - arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: Relax GIC version check during early boot (git-fixes) - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes) - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes) - arm64: smp: fix smp_send_stop() behaviour (git-fixes) - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes) - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601). - crypto: virtio - deal with unsupported input sizes (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770) - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes). - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes). - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes). - i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes). - i40e: Remove scheduling while atomic possibility (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes). - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899). - media: cpia2: fix control-message timeouts (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: em28xx: fix control-message timeouts. - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: vim2m: Remove surplus name initialization (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI / ACPI: Mark expected switch fall-through (git-fixes). - PCI: Do not enable AtomicOps on VFs (bsc#1129770) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - qed: display VF trust config (git-fixes). - qed: return status of qed_iov_get_link (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - sched/core: Add __sched tag for io_schedule() (git-fixes) - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - USB: cdc-wdm: fix reading stuck on device close (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Do not send unintended link state change (git-fixes). - USB: hub: Fix locking issues with address0_mutex (git-fixes). - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - video: backlight: Drop maximum brightness override for brightness (bsc#1129770) - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770) - vxlan: fix memleak of fdb (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes).

References

#1024718 #1055117 #1061840 #1065729 #1129770

#1158266 #1162338 #1162369 #1173871 #1188885

#1194124 #1195651 #1196426 #1196570 #1197219

#1197601 #1198438 #1198577 #1198899 #1199035

#1199063 #1199237 #1199239 #1199314 #1199399

#1199426 #1199505 #1199507 #1199526 #1199602

#1199605 #1199606 #1199631 #1199650 #1199671

#1199839 #1200015 #1200045 #1200057 #1200143

#1200144 #1200173 #1200249

Cross- CVE-2019-19377 CVE-2021-33061 CVE-2021-39711

CVE-2022-1184 CVE-2022-1652 CVE-2022-1729

CVE-2022-1734 CVE-2022-1966 CVE-2022-1974

CVE-2022-1975 CVE-2022-21123 CVE-2022-21125

CVE-2022-21127 CVE-2022-21166 CVE-2022-21180

CVE-2022-21499 CVE-2022-30594

CVSS scores:

CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Desktop 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

SUSE Linux Enterprise High Performance Computing 12-SP5

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Workstation Extension 12-SP5

https://www.suse.com/security/cve/CVE-2019-19377.html

https://www.suse.com/security/cve/CVE-2021-33061.html

https://www.suse.com/security/cve/CVE-2021-39711.html

https://www.suse.com/security/cve/CVE-2022-1184.html

https://www.suse.com/security/cve/CVE-2022-1652.html

https://www.suse.com/security/cve/CVE-2022-1729.html

https://www.suse.com/security/cve/CVE-2022-1734.html

https://www.suse.com/security/cve/CVE-2022-1966.html

https://www.suse.com/security/cve/CVE-2022-1974.html

https://www.suse.com/security/cve/CVE-2022-1975.html

https://www.suse.com/security/cve/CVE-2022-21123.html

https://www.suse.com/security/cve/CVE-2022-21125.html

https://www.suse.com/security/cve/CVE-2022-21127.html

https://www.suse.com/security/cve/CVE-2022-21166.html

https://www.suse.com/security/cve/CVE-2022-21180.html

https://www.suse.com/security/cve/CVE-2022-21499.html

https://www.suse.com/security/cve/CVE-2022-30594.html

https://bugzilla.suse.com/1024718

https://bugzilla.suse.com/1055117

https://bugzilla.suse.com/1061840

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1129770

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1162338

https://bugzilla.suse.com/1162369

https://bugzilla.suse.com/1173871

https://bugzilla.suse.com/1188885

https://bugzilla.suse.com/1194124

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1196570

https://bugzilla.suse.com/1197219

https://bugzilla.suse.com/1197601

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198899

https://bugzilla.suse.com/1199035

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199237

https://bugzilla.suse.com/1199239

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199399

https://bugzilla.suse.com/1199426

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199526

https://bugzilla.suse.com/1199602

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199606

https://bugzilla.suse.com/1199631

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1199671

https://bugzilla.suse.com/1199839

https://bugzilla.suse.com/1200015

https://bugzilla.suse.com/1200045

https://bugzilla.suse.com/1200057

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200173

https://bugzilla.suse.com/1200249

Severity

Announcement ID: SUSE-SU-2022:2116-1

Rating: important

What Are You Looking For?

Popular Tags

SUSE: 2022:2116-1 important: the Linux Kernel

Summary

References

Severe Chromium DoS, Info Disclosure Vulns Fixed

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

GitHub Makes Passkeys Security Feature Available to All

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers

Simple Steps for Identifying & Troubleshooting a Kernel Panic

Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

Supercharging Linux: Tips & Tricks to Beat the Threat Landscape

LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Feedback

What Are You Looking For?

Popular Tags

SUSE: 2022:2116-1 important: the Linux Kernel

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By