SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2377-1
Rating:             important
References:         #1065729 #1129770 #1177282 #1194013 #1196964 
                    #1197170 #1199482 #1199487 #1199657 #1200343 
                    #1200571 #1200599 #1200600 #1200604 #1200605 
                    #1200608 #1200619 #1200692 #1200762 #1200806 
                    #1200807 #1200809 #1200810 #1200813 #1200820 
                    #1200821 #1200822 #1200829 #1200868 #1200869 
                    #1200870 #1200871 #1200872 #1200873 #1200925 
                    #1201080 #1201251 
Cross-References:   CVE-2020-26541 CVE-2021-4157 CVE-2022-1012
                    CVE-2022-1679 CVE-2022-20132 CVE-2022-20141
                    CVE-2022-20154 CVE-2022-2318 CVE-2022-26365
                    CVE-2022-29900 CVE-2022-29901 CVE-2022-33740
                    CVE-2022-33741 CVE-2022-33742 CVE-2022-33981
                   
CVSS scores:
                    CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
                    CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
                    CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-29900 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 22 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bug fixes.


   The following security bugs were fixed:

   - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new
     Spectre-like Branch Target Buffer attack, that can leak arbitrary kernel
     information (bsc#1199657).
   - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
     the way a user forces the ath9k_htc_wait_for_target function to fail
     with some input messages (bsc#1199487).
   - CVE-2022-20132: Fixed out of bounds read due to improper input
     validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
   - CVE-2022-1012: Fixed information leak caused by small table perturb size
     in the TCP source port generation algorithm (bsc#1199482).
   - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692).
   - CVE-2022-20141: Fixed a possible use after free due to improper locking
     in ip_check_mc_rcu() (bsc#1200604).
   - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
     subsystem, related to the replication of files with NFS. A user could
     potentially crash the system or escalate privileges on the system
     (bsc#1194013).
   - CVE-2022-20154: Fixed a use after free due to a race condition in
     lock_sock_nested of sock.c. This could lead to local escalation of
     privilege with System execution privileges needed (bsc#1200599).
   - CVE-2020-26541: Enforce the secure boot forbidden signature database
     (aka dbx) protection mechanism. (bsc#1177282)
   - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer
     handler in net/rose/rose_timer.c that allow attackers to crash the
     system without any privileges (bsc#1201251).
   - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
     multiple potential data leaks with Block and Network devices when using
     untrusted backends (bsc#1200762).

   The following non-security bugs were fixed:

   - audit: fix a race condition with the auditd tracking code (bsc#1197170).
   - block: bio-integrity: Advance seed correctly for larger interval sizes
     (git-fixes).
   - bnxt_en: Remove the setting of dev_port (git-fixes).
   - bonding: fix bond_neigh_init() (git-fixes).
   - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
     (git-fixes).
   - drbd: fix duplicate array initializer (git-fixes).
   - drbd: remove assign_p_sizes_qlim (git-fixes).
   - drbd: use bdev_alignment_offset instead of queue_alignment_offset
     (git-fixes).
   - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
   - exec: Force single empty string when argv is empty (bsc#1200571).
   - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
   - ext4: fix bug_on in __es_tree_search (bsc#1200809).
   - ext4: fix bug_on in ext4_writepages (bsc#1200872).
   - ext4: fix overhead calculation to account for the reserved gdt blocks
     (bsc#1200869).
   - ext4: fix race condition between ext4_write and ext4_convert_inline_data
     (bsc#1200807).
   - ext4: fix symlink file size not match to file content (bsc#1200868).
   - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
   - ext4: force overhead calculation if the s_overhead_cluster makes no
     sense (bsc#1200870).
   - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
     (bsc#1200806).
   - ext4: make variable "count" signed (bsc#1200820).
   - fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped
     pages (bsc#1200873).
   - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
   - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
   - init: Initialize noop_backing_dev_info early (bsc#1200822).
   - inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
   - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
     (git-fixes).
   - Input: elan_i2c - fix regulator enable count imbalance after
     suspend/resume (git-fixes).
   - Input: elan_i2c - move regulator_[en|dis]able() out of
     elan_[en|dis]able_power() (git-fixes).
   - Input: omap4-keypad - fix pm_runtime_get_sync() error checking
     (git-fixes).
   - iomap: iomap_write_failed fix (bsc#1200829).
   - kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
   - kvm: i8254: remove redundant assignment to pointer s (git-fixes).
   - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
     disabled (git-fixes).
   - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
   - KVM: x86: Allocate new rmap and large page tracking when moving memslot
     (git-fixes).
   - KVM: x86: always stop emulation on page fault (git-fixes).
   - KVM: x86: clear stale x86_emulate_ctxt->intercept value (git-fixes).
   - KVM: x86: clflushopt should be treated as a no-op by emulation
     (git-fixes).
   - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
     PMU (git-fixes).
   - KVM: x86: Do not force set BSP bit when local APIC is managed by
     userspace (git-fixes).
   - KVM: x86: do not modify masked bits of shared MSRs (git-fixes).
   - KVM: x86/emulator: Defer not-present segment check in
     __load_segment_descriptor() (git-fixes).
   - KVM: x86: Fix emulation in writing cr8 (git-fixes).
   - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
     (git-fixes).
   - KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
     (git-fixes).
   - KVM: x86: Fix x86_decode_insn() return when fetching insn bytes fails
     (git-fixes).
   - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails (git-fixes).
   - kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH (git-fixes).
   - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
     (git-fixes).
   - KVM: x86: Manually calculate reserved bits when loading PDPTRS
     (git-fixes).
   - KVM: x86: Manually flush collapsible SPTEs only when toggling flags
     (git-fixes).
   - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
     (git-fixes).
   - KVM: x86/mmu: Treat invalid shadow pages as obsolete (git-fixes).
   - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
     (git-fixes).
   - KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes).
   - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
     (git-fixes).
   - KVM: x86: remove stale comment from struct x86_emulate_ctxt (git-fixes).
   - KVM: x86: set ctxt->have_exception in x86_decode_insn() (git-fixes).
   - kvm: x86: skip populating logical dest map if apic is not sw enabled
     (git-fixes).
   - KVM: x86: Trace the original requested CPUID function in kvm_cpuid()
     (git-fixes).
   - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is
     adjusted (git-fixes).
   - md: bcache: check the return value of kzalloc() in
     detached_dev_do_request() (git-fixes).
   - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
   - md: fix an incorrect NULL check in md_reload_sb (git-fixes).
   - md/raid0: Ignore RAID0 layout if the second zone has only one device
     (git-fixes).
   - mm: add vma_lookup(), update find_vma_intersection() comments
     (git-fixes).
   - net/mlx5: Avoid double free of root ns in the error flow path
     (git-fixes).
   - net/mlx5e: Replace reciprocal_scale in TX select queue function
     (git-fixes).
   - net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes).
   - net/mlx5: Fix auto group size calculation (git-fixes).
   - net: qed: Disable aRFS for NPAR and 100G (git-fixes).
   - net: qede: Disable aRFS for NPAR and 100G (git-fixes).
   - net: stmmac: update rx tail pointer register to fix rx dma hang issue
     (git-fixes).
   - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
   - NFS: Further fixes to the writeback error handling (git-fixes).
   - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
     (git-fixes).
   - PCI: Tidy comments (git-fixes).
   - platform/chrome: cros_ec_proto: Send command again when timeout occurs
     (git-fixes).
   - powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
   - powerpc/perf: Fix the threshold compare group constraint for power9
     (bsc#1065729).
   - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
     (bsc#1200343 ltc#198477).
   - qed: Enable automatic recovery on error condition (bsc#1196964).
   - raid5: introduce MD_BROKEN (git-fixes).
   - s390: fix detection of vector enhancements facility 1 vs. vector packed
     decimal facility (git-fixes).
   - s390: fix strrchr() implementation (git-fixes).
   - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
   - s390/gmap: do not unconditionally call pte_unmap_unlock() in
     __gmap_zap() (git-fixes).
   - s390/gmap: validate VMA in __gmap_zap() (git-fixes).
   - s390/mm: fix VMA and page table handling code in storage key handling
     functions (git-fixes).
   - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
   - scsi: dc395x: Fix a missing check on list iterator (git-fixes).
   - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
     (git-fixes).
   - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
   - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
     (git-fixes).
   - target: remove an incorrect unmap zeroes data deduction (git-fixes).
   - tracing: Fix return value of trace_pid_write() (git-fixes).
   - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
   - USB: serial: option: add Quectel BG95 modem (git-fixes).
   - USB: storage: karma: fix rio_karma_init return (git-fixes).
   - usb: usbip: add missing device lock on tweak configuration cmd
     (git-fixes).
   - usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
   - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
     (bsc#1129770).
   - writeback: Avoid skipping inode writeback (bsc#1200813).
   - writeback: Fix inode->i_io_list not be protected by inode->i_lock error
     (bsc#1200821).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2377=1



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-azure-4.12.14-16.103.1
      kernel-source-azure-4.12.14-16.103.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-azure-4.12.14-16.103.1
      kernel-azure-base-4.12.14-16.103.1
      kernel-azure-base-debuginfo-4.12.14-16.103.1
      kernel-azure-debuginfo-4.12.14-16.103.1
      kernel-azure-debugsource-4.12.14-16.103.1
      kernel-azure-devel-4.12.14-16.103.1
      kernel-syms-azure-4.12.14-16.103.1
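
A post-install check for the patch and reboot steps above, as an added example that is not part of the SUSE advisory: it compares the installed kernel-azure version-release and the running kernel against the fixed 4.12.14-16.103.1 from the Package List and reports whether the update or the reboot is still outstanding. It assumes the usual SUSE convention that `uname -r` prints the package version-release without the final rebuild counter, followed by the flavor (here `-azure`); the function names and the `--host` switch are made up for this example.

```shell
#!/bin/sh
# Added example: verify a host against SUSE-SU-2022:2377-1 (kernel-azure).

FIXED_EVR="4.12.14-16.103.1"   # fixed version-release, from the Package List
FLAVOR="azure"                 # this advisory ships kernel-azure packages only

# ver_ge A B: succeed when A >= B, comparing the dot/dash separated fields
# numerically. This is sufficient for purely numeric strings such as
# "4.12.14-16.103.1"; it is not a full reimplementation of rpm's ordering.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/)
        nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# strip_flavor "4.12.14-16.103-azure" prints "4.12.14-16.103"
strip_flavor() {
    printf '%s\n' "${1%-$FLAVOR}"
}

# assess INSTALLED_EVR RUNNING_RELEASE prints one of:
#   not-applicable  the running kernel is not the azure flavor
#   update-needed   newest installed kernel-azure is older than the fix
#   reboot-needed   fixed package installed, but an older kernel is running
#   patched         fixed package installed and running
assess() {
    installed=$1
    running=$2
    case $running in
        *-"$FLAVOR") ;;
        *) echo not-applicable; return 0 ;;
    esac
    if ! ver_ge "$installed" "$FIXED_EVR"; then
        echo update-needed
        return 0
    fi
    # Assumption: uname -r omits the last ".N" of the package release.
    if ! ver_ge "$(strip_flavor "$running")" "${FIXED_EVR%.*}"; then
        echo reboot-needed
        return 0
    fi
    echo patched
}

# check_host: query rpm and uname on the local machine. Several kernel-azure
# versions can be installed side by side, so the newest one is used.
check_host() {
    if ! evrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-azure 2>/dev/null); then
        echo not-applicable
        return 0
    fi
    newest=0
    for evr in $evrs; do
        if ver_ge "$evr" "$newest"; then newest=$evr; fi
    done
    assess "$newest" "$(uname -r)"
}

# Query the local host only when asked to: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A result of `reboot-needed` means the "Please reboot the system" note above has not been acted on yet and the old kernel is still the one executing.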


References:

   https://www.suse.com/security/cve/CVE-2020-26541.html
   https://www.suse.com/security/cve/CVE-2021-4157.html
   https://www.suse.com/security/cve/CVE-2022-1012.html
   https://www.suse.com/security/cve/CVE-2022-1679.html
   https://www.suse.com/security/cve/CVE-2022-20132.html
   https://www.suse.com/security/cve/CVE-2022-20141.html
   https://www.suse.com/security/cve/CVE-2022-20154.html
   https://www.suse.com/security/cve/CVE-2022-2318.html
   https://www.suse.com/security/cve/CVE-2022-26365.html
   https://www.suse.com/security/cve/CVE-2022-29900.html
   https://www.suse.com/security/cve/CVE-2022-29901.html
   https://www.suse.com/security/cve/CVE-2022-33740.html
   https://www.suse.com/security/cve/CVE-2022-33741.html
   https://www.suse.com/security/cve/CVE-2022-33742.html
   https://www.suse.com/security/cve/CVE-2022-33981.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1177282
   https://bugzilla.suse.com/1194013
   https://bugzilla.suse.com/1196964
   https://bugzilla.suse.com/1197170
   https://bugzilla.suse.com/1199482
   https://bugzilla.suse.com/1199487
   https://bugzilla.suse.com/1199657
   https://bugzilla.suse.com/1200343
   https://bugzilla.suse.com/1200571
   https://bugzilla.suse.com/1200599
   https://bugzilla.suse.com/1200600
   https://bugzilla.suse.com/1200604
   https://bugzilla.suse.com/1200605
   https://bugzilla.suse.com/1200608
   https://bugzilla.suse.com/1200619
   https://bugzilla.suse.com/1200692
   https://bugzilla.suse.com/1200762
   https://bugzilla.suse.com/1200806
   https://bugzilla.suse.com/1200807
   https://bugzilla.suse.com/1200809
   https://bugzilla.suse.com/1200810
   https://bugzilla.suse.com/1200813
   https://bugzilla.suse.com/1200820
   https://bugzilla.suse.com/1200821
   https://bugzilla.suse.com/1200822
   https://bugzilla.suse.com/1200829
   https://bugzilla.suse.com/1200868
   https://bugzilla.suse.com/1200869
   https://bugzilla.suse.com/1200870
   https://bugzilla.suse.com/1200871
   https://bugzilla.suse.com/1200872
   https://bugzilla.suse.com/1200873
   https://bugzilla.suse.com/1200925
   https://bugzilla.suse.com/1201080
   https://bugzilla.suse.com/1201251

SUSE: 2022:2377-1 important: the Linux Kernel

July 12, 2022
