SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2741-1
Rating:             important
References:         #1178134 #1198829 #1199364 #1199647 #1199665 
                    #1199670 #1200521 #1200598 #1200644 #1200651 
                    #1200762 #1200910 #1201196 #1201206 #1201251 
                    #1201381 #1201429 #1201458 #1201635 #1201636 
                    #1201644 #1201664 #1201672 #1201673 #1201676 
                    #1201846 #1201930 #1201940 #1201954 #1201956 
                    #1201958 SLE-24559 
Cross-References:   CVE-2020-36557 CVE-2020-36558 CVE-2021-33655
                    CVE-2021-33656 CVE-2022-1116 CVE-2022-1462
                    CVE-2022-20166 CVE-2022-21505 CVE-2022-2318
                    CVE-2022-26365 CVE-2022-29581 CVE-2022-32250
                    CVE-2022-33740 CVE-2022-33741 CVE-2022-33742
                    CVE-2022-36946
CVSS scores:
                    CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
                    CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 16 vulnerabilities, contains one
   feature and has 15 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
   security bugfixes.

   The following security bugs were fixed:

   - CVE-2022-36946: Fixed an incorrect packet trucation operation which
     could lead to denial of service (bnc#1201940).
   - CVE-2022-29581: Fixed improper update of reference count in net/sched
     that could cause root privilege escalation (bnc#1199665).
   - CVE-2022-20166: Fixed several possible memory safety issues due to
     unsafe operations (bsc#1200598).
   - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could
     lead to a NULL pointer dereference and general protection fault
     (bnc#1200910).
   - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl
     and closing/opening of TTYs that could lead to a use-after-free
     (bnc#1201429).
   - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd
     FBIOPUT_VSCREENINFO (bnc#1201635).
   - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd
     PIO_FONT (bnc#1201636).
   - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy
     (bsc#1201458).
   - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem
     (bnc#1198829).
   - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
     allowed a local attacker to escalate privileges to root (bnc#1199647).-
     CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler
     in Rose subsystem that allowed unprivileged attackers to crash the
     system (bsc#1201251).
   - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
     multiple potential data leaks with Block and Network devices when using
     untrusted backends (bsc#1200762).

   The following non-security bugs were fixed:

   - Fixed a system crash related to the recent RETBLEED mitigation
     (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
   - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651
     bsc#1200644 bsc#1201954 bsc#1201958).
   - kvm: emulate: do not adjust size of fastop and setcc subroutines
     (bsc#1201930).
   - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature
     (bsc#1199364).
   - bpf: enable BPF type format (BTF) (jsc#SLE-24559).
   - nfs: avoid NULL pointer dereference when there is unflushed data
     (bsc#1201196).
   - hv_netvsc: Add (more) validation for untrusted Hyper-V values
     (bsc#1199364).
   - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
   - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
   - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
     (bsc#1199364).
   - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
   - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
   - lkdtm: Disable return thunks in rodata.c (bsc#1178134).
   - net, xdp: Introduce __xdp_build_skb_from_frame utility routine
     (bsc#1199364).
   - net, xdp: Introduce xdp_build_skb_from_frame utility routine
     (bsc#1199364).
   - nvme: consider also host_iface when checking ip options (bsc#1199670).
   - powerpc/mobility: wait for memory transfer to complete (bsc#1201846
     ltc#198761).
   - powerpc/pseries/mobility: set NMI watchdog factor during an LPM
     (bsc#1201846 ltc#198761).
   - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
     ltc#198761).
   - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
   - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
     (bsc#1201956).
   - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
     (bsc#1201956 bsc#1200521).
   - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
     (bsc#1201956).
   - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
     (bsc#1201956).
   - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
     user input (bsc#1201956).
   - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
     lpfc_sli_prep_abort_xri() (bsc#1201956).
   - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
   - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
     VMID (bsc#1201956).
   - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
     (bsc#1201956).
   - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
     (bsc#1201956).
   - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
   - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
     (bsc#1201958).
   - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
   - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
   - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
   - scsi: qla2xxx: Fix response queue handler reading stale packets
     (bsc#1201958).
   - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
   - scsi: qla2xxx: Update manufacturer details (bsc#1201958).
   - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
   - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
   - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
   - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
   - x86/bugs: Remove apostrophe typo (bsc#1178134).
   - x86/entry: Remove skip_r11rcx (bsc#1201644).
   - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
   - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
     (bsc#1201381).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2741=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1



Package List:

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-azure-5.3.18-150300.38.75.1
      kernel-source-azure-5.3.18-150300.38.75.1

   - openSUSE Leap 15.3 (x86_64):

      cluster-md-kmp-azure-5.3.18-150300.38.75.1
      cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      dlm-kmp-azure-5.3.18-150300.38.75.1
      dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      gfs2-kmp-azure-5.3.18-150300.38.75.1
      gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-5.3.18-150300.38.75.1
      kernel-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-debugsource-5.3.18-150300.38.75.1
      kernel-azure-devel-5.3.18-150300.38.75.1
      kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-extra-5.3.18-150300.38.75.1
      kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
      kernel-azure-optional-5.3.18-150300.38.75.1
      kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
      kernel-syms-azure-5.3.18-150300.38.75.1
      kselftests-kmp-azure-5.3.18-150300.38.75.1
      kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      ocfs2-kmp-azure-5.3.18-150300.38.75.1
      ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      reiserfs-kmp-azure-5.3.18-150300.38.75.1
      reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      kernel-azure-5.3.18-150300.38.75.1
      kernel-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-debugsource-5.3.18-150300.38.75.1
      kernel-azure-devel-5.3.18-150300.38.75.1
      kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
      kernel-syms-azure-5.3.18-150300.38.75.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      kernel-devel-azure-5.3.18-150300.38.75.1
      kernel-source-azure-5.3.18-150300.38.75.1


References:

   https://www.suse.com/security/cve/CVE-2020-36557.html
   https://www.suse.com/security/cve/CVE-2020-36558.html
   https://www.suse.com/security/cve/CVE-2021-33655.html
   https://www.suse.com/security/cve/CVE-2021-33656.html
   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://www.suse.com/security/cve/CVE-2022-1462.html
   https://www.suse.com/security/cve/CVE-2022-20166.html
   https://www.suse.com/security/cve/CVE-2022-21505.html
   https://www.suse.com/security/cve/CVE-2022-2318.html
   https://www.suse.com/security/cve/CVE-2022-26365.html
   https://www.suse.com/security/cve/CVE-2022-29581.html
   https://www.suse.com/security/cve/CVE-2022-32250.html
   https://www.suse.com/security/cve/CVE-2022-33740.html
   https://www.suse.com/security/cve/CVE-2022-33741.html
   https://www.suse.com/security/cve/CVE-2022-33742.html
   https://www.suse.com/security/cve/CVE-2022-36946.html
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1198829
   https://bugzilla.suse.com/1199364
   https://bugzilla.suse.com/1199647
   https://bugzilla.suse.com/1199665
   https://bugzilla.suse.com/1199670
   https://bugzilla.suse.com/1200521
   https://bugzilla.suse.com/1200598
   https://bugzilla.suse.com/1200644
   https://bugzilla.suse.com/1200651
   https://bugzilla.suse.com/1200762
   https://bugzilla.suse.com/1200910
   https://bugzilla.suse.com/1201196
   https://bugzilla.suse.com/1201206
   https://bugzilla.suse.com/1201251
   https://bugzilla.suse.com/1201381
   https://bugzilla.suse.com/1201429
   https://bugzilla.suse.com/1201458
   https://bugzilla.suse.com/1201635
   https://bugzilla.suse.com/1201636
   https://bugzilla.suse.com/1201644
   https://bugzilla.suse.com/1201664
   https://bugzilla.suse.com/1201672
   https://bugzilla.suse.com/1201673
   https://bugzilla.suse.com/1201676
   https://bugzilla.suse.com/1201846
   https://bugzilla.suse.com/1201930
   https://bugzilla.suse.com/1201940
   https://bugzilla.suse.com/1201954
   https://bugzilla.suse.com/1201956
   https://bugzilla.suse.com/1201958

SUSE: 2022:2741-1 important: the Linux Kernel

August 10, 2022
An update that solves 16 vulnerabilities, contains one feature and has 15 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429). - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - nvme: consider also host_iface when checking ip options (bsc#1199670). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).

References

#1178134 #1198829 #1199364 #1199647 #1199665

#1199670 #1200521 #1200598 #1200644 #1200651

#1200762 #1200910 #1201196 #1201206 #1201251

#1201381 #1201429 #1201458 #1201635 #1201636

#1201644 #1201664 #1201672 #1201673 #1201676

#1201846 #1201930 #1201940 #1201954 #1201956

#1201958 SLE-24559

Cross- CVE-2020-36557 CVE-2020-36558 CVE-2021-33655

CVE-2021-33656 CVE-2022-1116 CVE-2022-1462

CVE-2022-20166 CVE-2022-21505 CVE-2022-2318

CVE-2022-26365 CVE-2022-29581 CVE-2022-32250

CVE-2022-33740 CVE-2022-33741 CVE-2022-33742

CVE-2022-36946

CVSS scores:

CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Module for Public Cloud 15-SP3

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Linux Enterprise Storage 7.1

SUSE Manager Proxy 4.2

SUSE Manager Retail Branch Server 4.2

SUSE Manager Server 4.2

openSUSE Leap 15.3

https://www.suse.com/security/cve/CVE-2020-36557.html

https://www.suse.com/security/cve/CVE-2020-36558.html

https://www.suse.com/security/cve/CVE-2021-33655.html

https://www.suse.com/security/cve/CVE-2021-33656.html

https://www.suse.com/security/cve/CVE-2022-1116.html

https://www.suse.com/security/cve/CVE-2022-1462.html

https://www.suse.com/security/cve/CVE-2022-20166.html

https://www.suse.com/security/cve/CVE-2022-21505.html

https://www.suse.com/security/cve/CVE-2022-2318.html

https://www.suse.com/security/cve/CVE-2022-26365.html

https://www.suse.com/security/cve/CVE-2022-29581.html

https://www.suse.com/security/cve/CVE-2022-32250.html

https://www.suse.com/security/cve/CVE-2022-33740.html

https://www.suse.com/security/cve/CVE-2022-33741.html

https://www.suse.com/security/cve/CVE-2022-33742.html

https://www.suse.com/security/cve/CVE-2022-36946.html

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1198829

https://bugzilla.suse.com/1199364

https://bugzilla.suse.com/1199647

https://bugzilla.suse.com/1199665

https://bugzilla.suse.com/1199670

https://bugzilla.suse.com/1200521

https://bugzilla.suse.com/1200598

https://bugzilla.suse.com/1200644

https://bugzilla.suse.com/1200651

https://bugzilla.suse.com/1200762

https://bugzilla.suse.com/1200910

https://bugzilla.suse.com/1201196

https://bugzilla.suse.com/1201206

https://bugzilla.suse.com/1201251

https://bugzilla.suse.com/1201381

https://bugzilla.suse.com/1201429

https://bugzilla.suse.com/1201458

https://bugzilla.suse.com/1201635

https://bugzilla.suse.com/1201636

https://bugzilla.suse.com/1201644

https://bugzilla.suse.com/1201664

https://bugzilla.suse.com/1201672

https://bugzilla.suse.com/1201673

https://bugzilla.suse.com/1201676

https://bugzilla.suse.com/1201846

https://bugzilla.suse.com/1201930

https://bugzilla.suse.com/1201940

https://bugzilla.suse.com/1201954

https://bugzilla.suse.com/1201956

https://bugzilla.suse.com/1201958

Severity
Announcement ID: SUSE-SU-2022:2741-1
Rating: important

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved