SUSE: 2022:2411-1 important: the Linux Kernel

Advisories


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2411-1
Rating:             important
References:         #1194013 #1196901 #1199487 #1199657 #1200571 
                    #1200599 #1200604 #1200605 #1200608 #1200619 
                    #1200692 #1200762 #1201050 #1201080 #1201251 
                    
Cross-References:   CVE-2021-26341 CVE-2021-4157 CVE-2022-1679
                    CVE-2022-20132 CVE-2022-20141 CVE-2022-20154
                    CVE-2022-2318 CVE-2022-26365 CVE-2022-29900
                    CVE-2022-29901 CVE-2022-33740 CVE-2022-33741
                    CVE-2022-33742 CVE-2022-33981
CVSS scores:
                    CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
                    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
                    CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Storage 6
                    SUSE Manager Proxy 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Server 4.0
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has one errata
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
     like Branch Target Buffer attack, that can leak arbitrary kernel
     information (bsc#1199657).
   - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
     the way a user forces the ath9k_htc_wait_for_target function to fail
     with some input messages (bsc#1199487).
   - CVE-2022-20132: Fixed out of bounds read due to improper input
     validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
   - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
   - CVE-2022-20141: Fixed a possible use after free due to improper locking
     in ip_check_mc_rcu() (bsc#1200604).
   - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
     subsystem, related to the replication of files with NFS. A user could
     potentially crash the system or escalate privileges on the system
     (bsc#1194013).
   - CVE-2022-20154: Fixed a use after free due to a race condition in
     lock_sock_nested of sock.c. This could lead to local escalation of
     privilege with System execution privileges needed (bsc#1200599).
   - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer
     handler in net/rose/rose_timer.c that allow attackers to crash the
     system without any privileges (bsc#1201251).
   - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
     multiple potential data leaks with Block and Network devices when using
     untrusted backends (bsc#1200762).
   - CVE-2021-26341: Some AMD CPUs may transiently execute beyond
     unconditional direct branches, which may potentially result in data
     leakage (bsc#1201050).

   The following non-security bugs were fixed:

   - exec: Force single empty string when argv is empty (bsc#1200571).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2411=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2411=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2411=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2411=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2411=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2411=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2411=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2411=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2411=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-2411=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-4.12.14-150100.197.117.1
      kernel-vanilla-base-4.12.14-150100.197.117.1
      kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-debugsource-4.12.14-150100.197.117.1
      kernel-vanilla-devel-4.12.14-150100.197.117.1
      kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1

   - openSUSE Leap 15.4 (ppc64le x86_64):

      kernel-debug-base-4.12.14-150100.197.117.1
      kernel-debug-base-debuginfo-4.12.14-150100.197.117.1

   - openSUSE Leap 15.4 (x86_64):

      kernel-kvmsmall-base-4.12.14-150100.197.117.1
      kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1

   - openSUSE Leap 15.4 (s390x):

      kernel-default-man-4.12.14-150100.197.117.1
      kernel-zfcpdump-man-4.12.14-150100.197.117.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-4.12.14-150100.197.117.1
      kernel-vanilla-base-4.12.14-150100.197.117.1
      kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-debugsource-4.12.14-150100.197.117.1
      kernel-vanilla-devel-4.12.14-150100.197.117.1
      kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1

   - openSUSE Leap 15.3 (ppc64le x86_64):

      kernel-debug-base-4.12.14-150100.197.117.1
      kernel-debug-base-debuginfo-4.12.14-150100.197.117.1

   - openSUSE Leap 15.3 (x86_64):

      kernel-kvmsmall-base-4.12.14-150100.197.117.1
      kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1

   - openSUSE Leap 15.3 (s390x):

      kernel-default-man-4.12.14-150100.197.117.1
      kernel-zfcpdump-man-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1
      reiserfs-kmp-default-4.12.14-150100.197.117.1
      reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1
      reiserfs-kmp-default-4.12.14-150100.197.117.1
      reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

      kernel-default-man-4.12.14-150100.197.117.1
      kernel-zfcpdump-debuginfo-4.12.14-150100.197.117.1
      kernel-zfcpdump-debugsource-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1
      reiserfs-kmp-default-4.12.14-150100.197.117.1
      reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-livepatch-4.12.14-150100.197.117.1
      kernel-default-livepatch-devel-4.12.14-150100.197.117.1
      kernel-livepatch-4_12_14-150100_197_117-default-1-150100.3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150100.197.117.1
      cluster-md-kmp-default-debuginfo-4.12.14-150100.197.117.1
      dlm-kmp-default-4.12.14-150100.197.117.1
      dlm-kmp-default-debuginfo-4.12.14-150100.197.117.1
      gfs2-kmp-default-4.12.14-150100.197.117.1
      gfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      ocfs2-kmp-default-4.12.14-150100.197.117.1
      ocfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1
      reiserfs-kmp-default-4.12.14-150100.197.117.1
      reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE Enterprise Storage 6 (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1

   - SUSE CaaS Platform 4.0 (x86_64):

      kernel-default-4.12.14-150100.197.117.1
      kernel-default-base-4.12.14-150100.197.117.1
      kernel-default-base-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debuginfo-4.12.14-150100.197.117.1
      kernel-default-debugsource-4.12.14-150100.197.117.1
      kernel-default-devel-4.12.14-150100.197.117.1
      kernel-default-devel-debuginfo-4.12.14-150100.197.117.1
      kernel-obs-build-4.12.14-150100.197.117.1
      kernel-obs-build-debugsource-4.12.14-150100.197.117.1
      kernel-syms-4.12.14-150100.197.117.1
      reiserfs-kmp-default-4.12.14-150100.197.117.1
      reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1

   - SUSE CaaS Platform 4.0 (noarch):

      kernel-devel-4.12.14-150100.197.117.1
      kernel-docs-4.12.14-150100.197.117.1
      kernel-macros-4.12.14-150100.197.117.1
      kernel-source-4.12.14-150100.197.117.1


References:

   https://www.suse.com/security/cve/CVE-2021-26341.html
   https://www.suse.com/security/cve/CVE-2021-4157.html
   https://www.suse.com/security/cve/CVE-2022-1679.html
   https://www.suse.com/security/cve/CVE-2022-20132.html
   https://www.suse.com/security/cve/CVE-2022-20141.html
   https://www.suse.com/security/cve/CVE-2022-20154.html
   https://www.suse.com/security/cve/CVE-2022-2318.html
   https://www.suse.com/security/cve/CVE-2022-26365.html
   https://www.suse.com/security/cve/CVE-2022-29900.html
   https://www.suse.com/security/cve/CVE-2022-29901.html
   https://www.suse.com/security/cve/CVE-2022-33740.html
   https://www.suse.com/security/cve/CVE-2022-33741.html
   https://www.suse.com/security/cve/CVE-2022-33742.html
   https://www.suse.com/security/cve/CVE-2022-33981.html
   https://bugzilla.suse.com/1194013
   https://bugzilla.suse.com/1196901
   https://bugzilla.suse.com/1199487
   https://bugzilla.suse.com/1199657
   https://bugzilla.suse.com/1200571
   https://bugzilla.suse.com/1200599
   https://bugzilla.suse.com/1200604
   https://bugzilla.suse.com/1200605
   https://bugzilla.suse.com/1200608
   https://bugzilla.suse.com/1200619
   https://bugzilla.suse.com/1200692
   https://bugzilla.suse.com/1200762
   https://bugzilla.suse.com/1201050
   https://bugzilla.suse.com/1201080
   https://bugzilla.suse.com/1201251

SUSE: 2022:2411-1 important: the Linux Kernel

July 15, 2022
An update that solves 14 vulnerabilities and has one errata is now available

Summary

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571).

References

#1194013 #1196901 #1199487 #1199657 #1200571

#1200599 #1200604 #1200605 #1200608 #1200619

#1200692 #1200762 #1201050 #1201080 #1201251

Cross- CVE-2021-26341 CVE-2021-4157 CVE-2022-1679

CVE-2022-20132 CVE-2022-20141 CVE-2022-20154

CVE-2022-2318 CVE-2022-26365 CVE-2022-29900

CVE-2022-29901 CVE-2022-33740 CVE-2022-33741

CVE-2022-33742 CVE-2022-33981

CVSS scores:

CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Availability 15-SP1

SUSE Linux Enterprise High Performance Computing 15-SP1

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS

SUSE Linux Enterprise Module for Live Patching 15-SP1

SUSE Linux Enterprise Server 15-SP1

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP Applications 15-SP1

SUSE Linux Enterprise Storage 6

SUSE Manager Proxy 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Server 4.0

openSUSE Leap 15.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2021-26341.html

https://www.suse.com/security/cve/CVE-2021-4157.html

https://www.suse.com/security/cve/CVE-2022-1679.html

https://www.suse.com/security/cve/CVE-2022-20132.html

https://www.suse.com/security/cve/CVE-2022-20141.html

https://www.suse.com/security/cve/CVE-2022-20154.html

https://www.suse.com/security/cve/CVE-2022-2318.html

https://www.suse.com/security/cve/CVE-2022-26365.html

https://www.suse.com/security/cve/CVE-2022-29900.html

https://www.suse.com/security/cve/CVE-2022-29901.html

https://www.suse.com/security/cve/CVE-2022-33740.html

https://www.suse.com/security/cve/CVE-2022-33741.html

https://www.suse.com/security/cve/CVE-2022-33742.html

https://www.suse.com/security/cve/CVE-2022-33981.html

https://bugzilla.suse.com/1194013

https://bugzilla.suse.com/1196901

https://bugzilla.suse.com/1199487

https://bugzilla.suse.com/1199657

https://bugzilla.suse.com/1200571

https://bugzilla.suse.com/1200599

https://bugzilla.suse.com/1200604

https://bugzilla.suse.com/1200605

https://bugzilla.suse.com/1200608

https://bugzilla.suse.com/1200619

https://bugzilla.suse.com/1200692

https://bugzilla.suse.com/1200762

https://bugzilla.suse.com/1201050

https://bugzilla.suse.com/1201080

https://bugzilla.suse.com/1201251

Severity
Announcement ID: SUSE-SU-2022:2411-1
Rating: important

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.