SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3265-1
Rating:             important
References:         #1054914 #1065729 #1078216 #1093777 #1094120 
                    #1107937 #1120716 #1141488 #1179310 #1181862 
                    #1189904 #1190397 #1191881 #1194535 #1196616 
                    #1197158 #1198388 #1199617 #1199665 #1201019 
                    #1201264 #1201420 #1201442 #1201610 #1201705 
                    #1201726 #1201948 #1202017 #1202096 #1202154 
                    #1202346 #1202347 #1202393 #1202396 #1202528 
                    #1202577 #1202672 #1202830 #1202897 #1202898 
                    #1203013 #1203098 #1203126 
Cross-References:   CVE-2020-36516 CVE-2021-4203 CVE-2022-20368
                    CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
                    CVE-2022-26373 CVE-2022-2639 CVE-2022-29581
                    CVE-2022-2977 CVE-2022-3028 CVE-2022-36879
                   
CVSS scores:
                    CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
                    CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
                    CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 31 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security fixes and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
     net/xfrm/xfrm_policy.c where a refcount could be dropped twice
     (bnc#1201948).
   - CVE-2022-3028: Fixed race condition that was found in the IP framework
     for transforming packets (XFRM subsystem) (bnc#1202898).
   - CVE-2022-2977: Fixed reference counting for struct tpm_chip
     (bsc#1202672).
   - CVE-2022-29581: Fixed improper update of reference count vulnerability
     in net/sched that allowed a local attacker to cause privilege escalation
     to root (bnc#1199665).
   - CVE-2022-2639: Fixed an integer coercion error that was found in the
     openvswitch kernel module (bnc#1202154).
   - CVE-2022-26373: Fixed non-transparent sharing of return predictor
     targets between contexts in some Intel Processors (bnc#1201726).
   - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
   - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
     unprivileged local users to crash the machine (bnc#1202897).
   - CVE-2022-20369: Fixed possible out of bounds write due to improper input
     validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
   - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
     (bsc#1202346).
   - CVE-2021-4203: Fixed use-after-free read flaw that was found in
     sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
     SO_PEERGROUPS race with listen() (bnc#1194535).
   - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
     an attacker was able to inject data into or terminate a victim's TCP
     session (bnc#1196616).

   The following non-security bugs were fixed:

   - 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
   - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
   - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
   - Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264
     bsc#1190397 bsc#1199617).
   - KABI: cgroup: Restore KABI of css_set (bsc#1201610).
   - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
     irqs (bsc#1065729).
   - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
     (bsc#1201442)
   - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
   - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
     (git-fixes).
   - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
     #GP (git-fixes).
   - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
   - README, patch-tag-template, header.py: Abolish Novell and FATE
     (bsc#1189904).
   - SUNRPC: Fix READ_PLUS crasher (git-fixes).
   - SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
   - USB: new quirk for Dell Gen 2 devices (git-fixes).
   - USB: serial: io_ti: add Agilent E5805A support (git-fixes).
   - ata: libata: add qc->flags in ata_qc_complete_template tracepoint
     (git-fixes).
   - bs-upload-kernel: Workaround for vim syntax highlighting
   - bs-upload-kernel: build klp_symbols when supported. cherry-picked from
     kbuild
   - btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
   - btrfs: add a trace class for dumping the current ENOSPC state
     (bsc#1202528).
   - btrfs: add a trace point for reserve tickets (bsc#1202528).
   - btrfs: adjust the flush trace point to include the source (bsc#1202528).
   - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
   - btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
   - btrfs: do not do preemptive flushing if the majority is global rsv
     (bsc#1202528).
   - btrfs: do not include the global rsv size in the preemptive used amount
     (bsc#1202528).
   - btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
   - btrfs: handle preemptive delalloc flushing slightly differently
     (bsc#1202528).
   - btrfs: implement space clamping for preemptive flushing (bsc#1202528).
   - btrfs: improve preemptive background space flushing (bsc#1202528).
   - btrfs: include delalloc related info in dump space info tracepoint
     (bsc#1202528).
   - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
   - btrfs: make flush_space take a enum btrfs_flush_state instead of int
     (bsc#1202528).
   - btrfs: only clamp the first time we have to start flushing (bsc#1202528).
   - btrfs: only ignore delalloc if delalloc is much smaller than ordered
     (bsc#1202528).
   - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
   - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
   - btrfs: rename need_do_async_reclaim (bsc#1202528).
   - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
   - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
   - btrfs: rip out may_commit_transaction (bsc#1202528).
   - btrfs: rip the first_ticket_bytes logic from fail_all_tickets
     (bsc#1202528).
   - btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
   - btrfs: take into account global rsv in need_preemptive_reclaim
     (bsc#1202528).
   - btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc
     (bsc#1202528).
   - btrfs: use percpu_read_positive instead of sum_positive for need_preempt
     (bsc#1202528).
   - btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking
     (bsc#1202528).
   - btrfs: use the global rsv size in the preemptive thresh calculation
     (bsc#1202528).
   - btrfs: wait on async extents when flushing delalloc (bsc#1202528).
   - btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
   - ceph: do not truncate file in atomic_open (bsc#1202830).
   - cgroup: Use separate src/dst nodes when preloading css_sets for
     migration (bsc#1201610).
   - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
   - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
     (git-fixes).
   - cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
   - cxgb4: move handling L2T ARP failures to caller (git-fixes).
   - cxgb4: parse TC-U32 key values and masks natively (git-fixes).
   - dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
   - drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes).
   - fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
   - fuse: limit nsec (bsc#1203126).
   - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
     (git-fixes).
   - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
   - kabi/severities: add mlx5 internal symbols
   - kernel-obs-build: include qemu_fw_cfg (boo#1201705)
   - lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
     ZDI-CAN-17325).
   - md-raid: destroy the bitmap after destroying the thread (git-fixes).
   - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
   - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
     bsc#1203098).
   - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
     (git-fixes, bsc#1203098).
   - mvpp2: fix panic on module removal (git-fixes).
   - mvpp2: refactor the HW checksum setup (git-fixes).
   - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
   - net/mlx5: Fix auto group size calculation (git-fixes).
   - net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
   - net/mlx5e: Use the inner headers to determine tc/pedit offload
     limitation on decap flows (git-fixes).
   - net: dsa: mt7530: Change the LINK bit to reflect the link status
     (git-fixes).
   - net: emaclite: Simplify if-else statements (git-fixes).
   - net: ll_temac: Add more error handling of dma_map_single() calls
     (git-fixes).
   - net: ll_temac: Enable DMA when ready, not before (git-fixes).
   - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
     (git-fixes).
   - net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
   - net: ll_temac: Fix support for 64-bit platforms (git-fixes).
   - net: ll_temac: Fix support for little-endian platforms (git-fixes).
   - net: ll_temac: Fix typo bug for 32-bit (git-fixes).
   - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
     pointer (git-fixes).
   - net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
   - net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
   - net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop
     profiles (git-fixes).
   - net_sched: cls_route: disallow handle of 0 (bsc#1202393).
   - objtool: Add --backtrace support (bsc#1202396).
   - objtool: Add support for intra-function calls (bsc#1202396).
   - objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
   - objtool: Convert insn type to enum (bsc#1202396).
   - objtool: Do not use ignore flag for fake jumps (bsc#1202396).
   - objtool: Fix !CFI insn_state propagation (bsc#1202396).
   - objtool: Fix ORC vs alternatives (bsc#1202396).
   - objtool: Fix sibling call detection (bsc#1202396).
   - objtool: Make handle_insn_ops() unconditional (bsc#1202396).
   - objtool: Remove INSN_STACK (bsc#1202396).
   - objtool: Remove check preventing branches within alternative
     (bsc#1202396).
   - objtool: Rename elf_open() to prevent conflict with libelf from
     elftoolchain (bsc#1202396).
   - objtool: Rename struct cfi_state (bsc#1202396).
   - objtool: Rework allocating stack_ops on decode (bsc#1202396).
   - objtool: Rewrite alt->skip_orig (bsc#1202396).
   - objtool: Set insn->func for alternatives (bsc#1202396).
   - objtool: Support conditional retpolines (bsc#1202396).
   - objtool: Support multiple stack_op per instruction (bsc#1202396).
   - objtool: Track original function across branches (bsc#1202396).
   - objtool: Uniquely identify alternative instruction groups (bsc#1202396).
   - objtool: Use Elf_Scn typedef instead of assuming struct name
     (bsc#1202396).
   - pNFS: Do not keep retrying if the server replied
     NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
   - phy: tegra: fix device-tree node lookups (git-fixes).
   - powerpc/perf: Add privileged access check for thread_imc (bsc#1054914,
     git-fixes).
   - powerpc/perf: Fix loop exit condition in nest_imc_event_init
     (bsc#1054914, git-fixes).
   - powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914,
     git-fixes).
   - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
   - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
   - powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
   - powerpc/powernv: Use darn instruction for get_random_seed() on Power9
     (bsc#1065729).
   - powerpc/powernv: delay rng platform device creation until later in boot
     (bsc#1065729).
   - powerpc/powernv: rename remaining rng powernv_ functions to pnv_
     (bsc#1065729).
   - powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
   - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
   - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
   - powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
   - powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914,
     git-fixes).
   - powerpc: define get_cycles macro for arch-override (bsc#1065729).
   - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
   - qed: Add EDPM mode type for user-fw compatibility (git-fixes).
   - qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
   - run_oldconfig.sh: Only use dummy tools if they exist (bsc#1181862).
   - scripts/run_oldconfig.sh: Make dummy-tools executable (bsc#1181862).
   - scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bsc#1181862).
   - scripts/run_oldconfig.sh: use pahole from dummy-tools if available
     (bsc#1198388).
   - scsi: smartpqi: set force_blk_mq=1 (bsc#1179310).
   - sequence-patch: just exist if there is no config.sh
   - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
     (git-fixes).
   - squashfs: add more sanity checks in id lookup (git-fixes).
   - squashfs: add more sanity checks in inode lookup (git-fixes).
   - squashfs: add more sanity checks in xattr id lookup (git-fixes).
   - squashfs: fix divide error in calculate_skip() (git-fixes).
   - squashfs: fix inode lookup sanity checks (bsc#1203013).
   - squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
   - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
     (git-fixes).
   - tracing/perf: Use strndup_user() instead of buggy open-coded version
     (git-fixes).
   - tracing/uprobes: Check the return value of kstrdup() for tu->filename
     (git-fixes).
   - tracing: Fix race in perf_trace_buf initialization (git-fixes).
   - usb: misc: fix improper handling of refcount in uss720_probe()
     (git-fixes).
   - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
   - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
   - xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
   - xfs: always free inline data before resetting inode fork during ifree
     (bsc#1202017).
   - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
   - xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
   - xprtrdma: Fix trace point use-after-free race (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3265=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3265=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3265=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3265=1

      Please note that this is the initial kernel livepatch, which itself
      contains no fixes; this livepatch package is later updated by separate
      standalone livepatch updates.

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3265=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.133.1
      kernel-default-debugsource-4.12.14-122.133.1
      kernel-default-extra-4.12.14-122.133.1
      kernel-default-extra-debuginfo-4.12.14-122.133.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.133.1
      kernel-obs-build-debugsource-4.12.14-122.133.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.133.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.133.1
      kernel-default-base-4.12.14-122.133.1
      kernel-default-base-debuginfo-4.12.14-122.133.1
      kernel-default-debuginfo-4.12.14-122.133.1
      kernel-default-debugsource-4.12.14-122.133.1
      kernel-default-devel-4.12.14-122.133.1
      kernel-syms-4.12.14-122.133.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.133.1
      kernel-macros-4.12.14-122.133.1
      kernel-source-4.12.14-122.133.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.133.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.133.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.133.1
      kernel-default-debugsource-4.12.14-122.133.1
      kernel-default-kgraft-4.12.14-122.133.1
      kernel-default-kgraft-devel-4.12.14-122.133.1
      kgraft-patch-4_12_14-122_133-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.133.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.133.1
      dlm-kmp-default-4.12.14-122.133.1
      dlm-kmp-default-debuginfo-4.12.14-122.133.1
      gfs2-kmp-default-4.12.14-122.133.1
      gfs2-kmp-default-debuginfo-4.12.14-122.133.1
      kernel-default-debuginfo-4.12.14-122.133.1
      kernel-default-debugsource-4.12.14-122.133.1
      ocfs2-kmp-default-4.12.14-122.133.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.133.1
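
Because this update only takes effect after a reboot, a host can have the fixed package installed while still running the old kernel. The following added example (not part of the SUSE advisory) classifies a host from its `uname -r` string and its installed kernel-default versions; the fixed version comes from the package list above, the function names are hypothetical, and it assumes the running release string is the package version without the trailing rebuild counter plus a flavor suffix, as the kgraft-patch package name suggests.

```sh
#!/bin/sh
# Added example, not SUSE code. Version values are taken from this advisory's
# package list; ver_ge and kernel_status are hypothetical helper names.
FIXED_PKG="4.12.14-122.133.1"    # kernel-default VERSION-RELEASE from the package list
FIXED_RELEASE="4.12.14-122.133"  # same build as seen in `uname -r`, flavor stripped
                                 # (assumption, cf. kgraft-patch-4_12_14-122_133-default)

# ver_ge A B: succeed when version A >= version B.
# Fields are split on '.' and '-' and compared numerically;
# a missing trailing field counts as 0.
ver_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[.-]*}
        fb=${b%%[.-]*}
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# kernel_status RUNNING [INSTALLED...]
#   RUNNING   : a `uname -r` string, e.g. 4.12.14-122.130-default
#   INSTALLED : kernel-default VERSION-RELEASE strings from rpm
# Prints one of: patched, reboot-required, update-required.
kernel_status() {
    running=${1%-[a-z]*}          # drop the flavor suffix such as "-default"
    shift
    if ver_ge "$running" "$FIXED_RELEASE"; then
        echo "patched"
        return 0
    fi
    for pkg in "$@"; do
        # Skip anything that is not a version (e.g. rpm's "not installed" text).
        case $pkg in [0-9]*) ;; *) continue ;; esac
        if ver_ge "$pkg" "$FIXED_PKG"; then
            echo "reboot-required"
            return 0
        fi
    done
    echo "update-required"
}

# Query the local host only when asked to, so the functions can be sourced
# and exercised offline with constructed inputs.
if [ "${1:-}" = "--live" ]; then
    # Word splitting of the rpm output is intended: one argument per version.
    # shellcheck disable=SC2046
    kernel_status "$(uname -r)" \
        $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default 2>/dev/null)
fi
```

A result of `reboot-required` means the fixed package is on disk but the old kernel is still the one executing.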


References:

   https://www.suse.com/security/cve/CVE-2020-36516.html
   https://www.suse.com/security/cve/CVE-2021-4203.html
   https://www.suse.com/security/cve/CVE-2022-20368.html
   https://www.suse.com/security/cve/CVE-2022-20369.html
   https://www.suse.com/security/cve/CVE-2022-21385.html
   https://www.suse.com/security/cve/CVE-2022-2588.html
   https://www.suse.com/security/cve/CVE-2022-26373.html
   https://www.suse.com/security/cve/CVE-2022-2639.html
   https://www.suse.com/security/cve/CVE-2022-29581.html
   https://www.suse.com/security/cve/CVE-2022-2977.html
   https://www.suse.com/security/cve/CVE-2022-3028.html
   https://www.suse.com/security/cve/CVE-2022-36879.html
   https://bugzilla.suse.com/1054914
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1078216
   https://bugzilla.suse.com/1093777
   https://bugzilla.suse.com/1094120
   https://bugzilla.suse.com/1107937
   https://bugzilla.suse.com/1120716
   https://bugzilla.suse.com/1141488
   https://bugzilla.suse.com/1179310
   https://bugzilla.suse.com/1181862
   https://bugzilla.suse.com/1189904
   https://bugzilla.suse.com/1190397
   https://bugzilla.suse.com/1191881
   https://bugzilla.suse.com/1194535
   https://bugzilla.suse.com/1196616
   https://bugzilla.suse.com/1197158
   https://bugzilla.suse.com/1198388
   https://bugzilla.suse.com/1199617
   https://bugzilla.suse.com/1199665
   https://bugzilla.suse.com/1201019
   https://bugzilla.suse.com/1201264
   https://bugzilla.suse.com/1201420
   https://bugzilla.suse.com/1201442
   https://bugzilla.suse.com/1201610
   https://bugzilla.suse.com/1201705
   https://bugzilla.suse.com/1201726
   https://bugzilla.suse.com/1201948
   https://bugzilla.suse.com/1202017
   https://bugzilla.suse.com/1202096
   https://bugzilla.suse.com/1202154
   https://bugzilla.suse.com/1202346
   https://bugzilla.suse.com/1202347
   https://bugzilla.suse.com/1202393
   https://bugzilla.suse.com/1202396
   https://bugzilla.suse.com/1202528
   https://bugzilla.suse.com/1202577
   https://bugzilla.suse.com/1202672
   https://bugzilla.suse.com/1202830
   https://bugzilla.suse.com/1202897
   https://bugzilla.suse.com/1202898
   https://bugzilla.suse.com/1203013
   https://bugzilla.suse.com/1203098
   https://bugzilla.suse.com/1203126

SUSE: 2022:3265-1 important: the Linux Kernel

September 14, 2022
An update that solves 12 vulnerabilities and has 31 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). 
- Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264 bsc#1190397 bsc#1199617). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - README, patch-tag-template, header.py: Abolish Novell and FATE (bsc#1189904). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - bs-upload-kernel: Workaround for vim syntax highlighting - bs-upload-kernel: build klp_symbols when supported. cherry-picked from kbuild - btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528). - btrfs: add a trace point for reserve tickets (bsc#1202528). - btrfs: adjust the flush trace point to include the source (bsc#1202528). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528). - btrfs: check worker before need_preemptive_reclaim (bsc#1202528). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1202528). - btrfs: enable a tracepoint when we fail tickets (bsc#1202528). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528). - btrfs: implement space clamping for preemptive flushing (bsc#1202528). 
- btrfs: improve preemptive background space flushing (bsc#1202528). - btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1202528). - btrfs: only clamp the first time we have to start flushing (bsc#1202528). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528). - btrfs: rename need_do_async_reclaim (bsc#1202528). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528). - btrfs: rip out may_commit_transaction (bsc#1202528). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1202528). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1202528). - btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1202528). - btrfs: use percpu_read_positive instead of sum_positive for need_preempt (bsc#1202528). - btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking (bsc#1202528). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528). - btrfs: wait on async extents when flushing delalloc (bsc#1202528). - btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528). - ceph: do not truncate file in atomic_open (bsc#1202830). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). 
- cxgb4: move handling L2T ARP failures to caller (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes). - fs: add a filemap_fdatawrite_wbc helper (bsc#1202528). - fuse: limit nsec (bsc#1203126). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - kabi/severities: add mlx5 internal symbols - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - md-raid: destroy the bitmap after destroying the thread (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mvpp2: fix panic on module removal (git-fixes). - mvpp2: refactor the HW checksum setup (git-fixes). - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes). - net/mlx5: Fix auto group size calculation (git-fixes). - net/mlx5: Imply MLXFW in mlx5_core (git-fixes). - net/mlx5e: Use the inner headers to determine tc/pedit offload limitation on decap flows (git-fixes). - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes). - net: emaclite: Simplify if-else statements (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Enable DMA when ready, not before (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Fix iommu/swiotlb leak (git-fixes). - net: ll_temac: Fix support for 64-bit platforms (git-fixes). - net: ll_temac: Fix support for little-endian platforms (git-fixes). - net: ll_temac: Fix typo bug for 32-bit (git-fixes). 
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmmac: gmac4: bitrev32 returns u32 (git-fixes). - net: usb: lan78xx: Connect PHY before registering MAC (git-fixes). - net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - phy: tegra: fix device-tree node lookups (git-fixes). - powerpc/perf: Add privileged access check for thread_imc (bsc#1054914, git-fixes). - powerpc/perf: Fix loop exit condition in nest_imc_event_init (bsc#1054914, git-fixes). 
- powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914, git-fixes).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed() on Power9 (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914, git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- scripts/run_oldconfig.sh: Make dumy-tools executable (bcs#1181862).
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available (bsc#1198388).
- scsi: smartpqi: set force_blk_mq=1.(bsc#1179310)
- sequence-patch: just exist if there is no config.sh
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes).
- squashfs: add more sanity checks in inode lookup (git-fixes).
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
- tracing/perf: Use strndup_user() instead of buggy open-coded version (git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes).
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: always free inline data before resetting inode fork during ifree (bsc#1202017).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- xprtrdma: Fix trace point use-after-free race (git-fixes).

References

Affected Products:

SUSE Linux Enterprise Desktop 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

SUSE Linux Enterprise High Performance Computing 12-SP5

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Workstation Extension 12-SP5

https://www.suse.com/security/cve/CVE-2020-36516.html

https://www.suse.com/security/cve/CVE-2021-4203.html

https://www.suse.com/security/cve/CVE-2022-20368.html

https://www.suse.com/security/cve/CVE-2022-20369.html

https://www.suse.com/security/cve/CVE-2022-21385.html

https://www.suse.com/security/cve/CVE-2022-2588.html

https://www.suse.com/security/cve/CVE-2022-26373.html

https://www.suse.com/security/cve/CVE-2022-2639.html

https://www.suse.com/security/cve/CVE-2022-29581.html

https://www.suse.com/security/cve/CVE-2022-2977.html

https://www.suse.com/security/cve/CVE-2022-3028.html

https://www.suse.com/security/cve/CVE-2022-36879.html

https://bugzilla.suse.com/1054914

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1078216

https://bugzilla.suse.com/1093777

https://bugzilla.suse.com/1094120

https://bugzilla.suse.com/1107937

https://bugzilla.suse.com/1120716

https://bugzilla.suse.com/1141488

https://bugzilla.suse.com/1179310

https://bugzilla.suse.com/1181862

https://bugzilla.suse.com/1189904

https://bugzilla.suse.com/1190397

https://bugzilla.suse.com/1191881

https://bugzilla.suse.com/1194535

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1197158

https://bugzilla.suse.com/1198388

https://bugzilla.suse.com/1199617

https://bugzilla.suse.com/1199665

https://bugzilla.suse.com/1201019

https://bugzilla.suse.com/1201264

https://bugzilla.suse.com/1201420

https://bugzilla.suse.com/1201442

https://bugzilla.suse.com/1201610

https://bugzilla.suse.com/1201705

https://bugzilla.suse.com/1201726

https://bugzilla.suse.com/1201948

https://bugzilla.suse.com/1202017

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202396

https://bugzilla.suse.com/1202528

https://bugzilla.suse.com/1202577

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202830

https://bugzilla.suse.com/1202897

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1203013

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203126
