SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2116-1
Rating:             important
References:         #1024718 #1055117 #1061840 #1065729 #1129770 
                    #1158266 #1162338 #1162369 #1173871 #1188885 
                    #1194124 #1195651 #1196426 #1196570 #1197219 
                    #1197601 #1198438 #1198577 #1198899 #1199035 
                    #1199063 #1199237 #1199239 #1199314 #1199399 
                    #1199426 #1199505 #1199507 #1199526 #1199602 
                    #1199605 #1199606 #1199631 #1199650 #1199671 
                    #1199839 #1200015 #1200045 #1200057 #1200143 
                    #1200144 #1200173 #1200249 
Cross-References:   CVE-2019-19377 CVE-2021-33061 CVE-2021-39711
                    CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
                    CVE-2022-1734 CVE-2022-1966 CVE-2022-1974
                    CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-21499 CVE-2022-30594
CVSS scores:
                    CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 26 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux
     kernel by simulating an NFC device from user space. (bsc#1200143)
   - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
     simulating an NFC device from user space. (bsc#1200144)
   - CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem.
     This flaw allowed a local attacker with user access to cause a privilege
     escalation issue. (bnc#1200015)
   - CVE-2019-19377: Fixed a use-after-free that could be triggered when an
     attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
   - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
     (bsc#1199507).
   - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
     mounting and operating on a corrupted image. (bsc#1198577)
   - CVE-2022-21499: Reinforced the kernel lockdown feature; until now it has
     been trivial to break out of it with kgdb or kdb. (bsc#1199426)
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2022-1734: Fixed a read/write use-after-free caused by missing
     synchronization between the cleanup routine and the firmware download
     routine. (bnc#1199605)
   - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
     possible out-of-bounds read due to an incorrect size value. This could
     lead to local information disclosure with System execution privileges
     needed. User interaction is not needed for exploitation (bnc#1197219).
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).

   The following non-security bugs were fixed:

   - ACPI: property: Release subnode properties with data nodes (git-fixes).
   - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
   - arm64: set plt* section addresses to 0x0 (git-fixes)
   - arm64: Add missing ISB after invalidating TLB in __primary_switch
     (git-fixes)
   - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
   - arm64: avoid -Woverride-init warning (git-fixes)
   - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default
     config too.
   - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
   - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
     (git-fixes).
   - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
   - arm64: compat: Reduce address limit (git-fixes)
   - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
     (git-fixes)
   - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
   - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
   - arm64: csum: Fix handling of bad packets (git-fixes)
   - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
     (git-fixes)
   - arm64: debug: Ensure debug handlers check triggering exception level
     (git-fixes)
   - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
   - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
   - arm64: Extend workaround for erratum 1024718 to all versions of
     (git-fixes)
   - arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
   - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
   - arm64: Fix size of __early_cpu_boot_status (git-fixes)
   - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
   - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
   - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
     (git-fixes)
   - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
     (git-fixes)
   - arm64: futex: Restore oldval initialization to work around buggy
     (git-fixes)
   - arm64: hibernate: check pgd table allocation (git-fixes)
   - arm64: hugetlb: avoid potential NULL dereference (git-fixes)
   - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess
     (git-fixes)
   - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
   - arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
   - arm64: kgdb: Fix single-step exception handling oops (git-fixes)
   - arm64: kprobes: Recover pstate.D in single-step exception handler
     (git-fixes)
   - arm64: module: remove (NOLOAD) from linker script (git-fixes)
   - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
   - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
   - arm64: ptrace: Override SPSR.SS when single-stepping is enabled
     (git-fixes)
   - arm64: Relax GIC version check during early boot (git-fixes)
   - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
   - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
   - arm64: smp: fix smp_send_stop() behaviour (git-fixes)
   - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess
     (git-fixes)
   - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
     (git-fixes)
   - arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
   - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
   - bonding: pair enable_port with slave_arr_updates (git-fixes).
   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bsc#1199399).
   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
     cpuset_init_smp() (bsc#1199839).
   - cputime, cpuacct: Include guest time in user time in (git-fixes)
   - crypto: arm64/aes-neonbs - do not access already-freed walk.iv
     (git-fixes)
   - crypto: ixp4xx - dma_unmap the correct address (git-fixes).
   - crypto: qat - do not cast parameter in bit operations (git-fixes).
   - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
     (bsc#1197601).
   - crypto: virtio - deal with unsupported input sizes (git-fixes).
   - crypto: virtio: Fix dest length calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - drbd: fix an invalid memory access caused by incorrect use of list
     iterator (git-fixes).
   - drbd: Fix five use after free bugs in get_initial_state (git-fixes).
   - drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
   - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
   - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
   - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
   - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
     (git-fixes).
   - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
   - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
   - i40e: Refactoring VF MAC filters counting to make more reliable
     (git-fixes).
   - i40e: Remove scheduling while atomic possibility (git-fixes).
   - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
   - Input: aiptek - properly check endpoint type (git-fixes).
   - Input: appletouch - initialize work before device registration
     (git-fixes).
   - Input: elantech - fix misreporting trackpoint coordinates (git-fixes).
   - Input: spaceball - fix parsing of movement data packets (git-fixes).
   - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
   - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
   - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
   - KVM: PPC: Propagate errors to the guest when failed instead of ignoring
     (bsc#1061840 git-fixes).
   - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
   - media: cpia2: fix control-message timeouts (git-fixes).
   - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
   - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
   - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
   - media: em28xx: fix control-message timeouts.
   - media: flexcop-usb: fix control-message timeouts (git-fixes).
   - media: mceusb: fix control-message timeouts (git-fixes).
   - media: mtk-vpu: Fix a resource leak in the error handling path of
     'mtk_vpu_probe()' (git-fixes).
   - media: netup_unidvb: Do not leak SPI master in probe error path
     (git-fixes).
   - media: pvrusb2: fix control-message timeouts (git-fixes).
   - media: redrat3: fix control-message timeouts (git-fixes).
   - media: s2255: fix control-message timeouts (git-fixes).
   - media: stk1160: fix control-message timeouts (git-fixes).
   - media: vim2m: Remove surplus name initialization (git-fixes).
   - mm, page_alloc: fix build_zonerefs_node() (git-fixes).
   - net: bcmgenet: Do not claim WOL when its not available (git-fixes).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: mana: Use struct_size() helper in mana_gd_create_dma_region()
     (bsc#1195651).
   - net: qlogic: check the return value of dma_alloc_coherent() in
     qed_vf_hw_prepare() (git-fixes).
   - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
     (git-fixes).
   - netfilter: conntrack: connection timeout after re-register (bsc#1199035).
   - netfilter: conntrack: move synack init code to helper (bsc#1199035).
   - netfilter: conntrack: re-init state for retransmitted syn-ack
     (bsc#1199035).
   - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
     (bsc#1199035).
   - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
   - netfilter: nf_tables: disallow non-stateful expression in sets earlier
     (bsc#1200015).
   - NFS: Do not invalidate inode attributes on delegation return (git-fixes).
   - NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
   - PCI / ACPI: Mark expected switch fall-through (git-fixes).
   - PCI: Do not enable AtomicOps on VFs (bsc#1129770)
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
     ltc#159753).
   - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
   - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
     (bsc#1061840 git-fixes).
   - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173
     ltc#198329).
   - powerpc/powernv: Get L1D flush requirements from device-tree
     (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/powernv: Get STF barrier requirements from device-tree
     (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
     flushes (bsc#1188885 ltc#193722 git-fixes).
   - powerpc/xive: Add some error handling code to 'xive_spapr_init()'
     (git-fixes).
   - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
   - qed: display VF trust config (git-fixes).
   - qed: return status of qed_iov_get_link (git-fixes).
   - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
   - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
   - sched/core: Add __sched tag for io_schedule() (git-fixes)
   - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
   - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
   - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
   - scsi: fnic: Fix a tracing statement (git-fixes).
   - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
   - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
   - scsi: pm8001: Fix abort all task initialization (git-fixes).
   - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
     (git-fixes).
   - scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
     (git-fixes).
   - scsi: pm8001: Fix le32 values handling in
     pm80xx_set_sas_protocol_timer_config() (git-fixes).
   - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
   - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
   - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
     (git-fixes).
   - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
     (git-fixes).
   - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
   - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
   - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
   - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
   - scsi: sr: Do not leak information in ioctl (git-fixes).
   - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit
     (git-fixes).
   - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
   - smp: Fix offline cpu check in flush_smp_call_function_queue()
     (git-fixes).
   - SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
   - SUNRPC: Ensure that the gssproxy client can start in a connected state
     (git-fixes).
   - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
   - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
     (bsc#1065729).
   - USB: cdc-wdm: fix reading stuck on device close (git-fixes).
   - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
   - USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
   - USB: hub: Fix locking issues with address0_mutex (git-fixes).
   - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
   - USB: quirks: add a Realtek card reader (git-fixes).
   - USB: quirks: add STRING quirk for VCOM device (git-fixes).
   - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
   - USB: serial: option: add Fibocom L610 modem (git-fixes).
   - USB: serial: option: add Fibocom MA510 modem (git-fixes).
   - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
     (git-fixes).
   - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
     (git-fixes).
   - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
   - USB: serial: qcserial: add support for Sierra Wireless EM7590
     (git-fixes).
   - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
     (git-fixes).
   - veth: Ensure eth header is in skb's linear part (git-fixes).
   - video: backlight: Drop maximum brightness override for brightness
     (bsc#1129770)
   - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
   - vxlan: fix memleak of fdb (git-fixes).
   - xhci: stop polling roothubs after shutdown (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2116=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2116=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2116=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-extra-4.12.14-122.124.3
      kernel-default-extra-debuginfo-4.12.14-122.124.3

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.124.3
      kernel-obs-build-debugsource-4.12.14-122.124.3

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.124.3
      kernel-default-base-4.12.14-122.124.3
      kernel-default-base-debuginfo-4.12.14-122.124.3
      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-devel-4.12.14-122.124.3
      kernel-syms-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.124.3

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.124.2
      kernel-macros-4.12.14-122.124.2
      kernel-source-4.12.14-122.124.2

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.124.3

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      kernel-default-kgraft-4.12.14-122.124.3
      kernel-default-kgraft-devel-4.12.14-122.124.3
      kgraft-patch-4_12_14-122_124-default-1-8.3.3

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.124.3
      cluster-md-kmp-default-debuginfo-4.12.14-122.124.3
      dlm-kmp-default-4.12.14-122.124.3
      dlm-kmp-default-debuginfo-4.12.14-122.124.3
      gfs2-kmp-default-4.12.14-122.124.3
      gfs2-kmp-default-debuginfo-4.12.14-122.124.3
      kernel-default-debuginfo-4.12.14-122.124.3
      kernel-default-debugsource-4.12.14-122.124.3
      ocfs2-kmp-default-4.12.14-122.124.3
      ocfs2-kmp-default-debuginfo-4.12.14-122.124.3


References:

   https://www.suse.com/security/cve/CVE-2019-19377.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2021-39711.html
   https://www.suse.com/security/cve/CVE-2022-1184.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1729.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-21499.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1024718
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1061840
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1158266
   https://bugzilla.suse.com/1162338
   https://bugzilla.suse.com/1162369
   https://bugzilla.suse.com/1173871
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1194124
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1196570
   https://bugzilla.suse.com/1197219
   https://bugzilla.suse.com/1197601
   https://bugzilla.suse.com/1198438
   https://bugzilla.suse.com/1198577
   https://bugzilla.suse.com/1198899
   https://bugzilla.suse.com/1199035
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199237
   https://bugzilla.suse.com/1199239
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199399
   https://bugzilla.suse.com/1199426
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199507
   https://bugzilla.suse.com/1199526
   https://bugzilla.suse.com/1199602
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199606
   https://bugzilla.suse.com/1199631
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1199671
   https://bugzilla.suse.com/1199839
   https://bugzilla.suse.com/1200015
   https://bugzilla.suse.com/1200045
   https://bugzilla.suse.com/1200057
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200173
   https://bugzilla.suse.com/1200249