SUSE: 2022:3291-1 important: the Linux Kernel | LinuxSecurity.com

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3291-1
Rating:             important
References:         #1169514 #1177440 #1188944 #1191881 #1194535 
                    #1196616 #1201019 #1201420 #1201705 #1201726 
                    #1201948 #1202096 #1202097 #1202154 #1202346 
                    #1202347 #1202393 #1202396 #1202672 #1202897 
                    #1202898 #1203098 #1203107 
Cross-References:   CVE-2020-36516 CVE-2021-4203 CVE-2022-20368
                    CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
                    CVE-2022-26373 CVE-2022-2639 CVE-2022-2663
                    CVE-2022-2977 CVE-2022-3028 CVE-2022-36879
                    CVE-2022-39188
CVSS scores:
                    CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
                    CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
                    CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Availability 15
                    SUSE Linux Enterprise High Performance Computing 15
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Server 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 10 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
     an attacker was able to inject data into or terminate a victim's TCP
     session (bnc#1196616).
   - CVE-2021-4203: Fixed use-after-free read flaw that was found in
     sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
     SO_PEERGROUPS race with listen() (bnc#1194535).
   - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
     (bsc#1202346).
   - CVE-2022-20369: Fixed possible out of bounds write due to improper input
     validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
   - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
     unprivileged local users to crash the machine (bnc#1202897).
   - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
   - CVE-2022-26373: Fixed non-transparent sharing of return predictor
     targets between contexts in some Intel Processors (bnc#1201726).
   - CVE-2022-2639: Fixed an integer coercion error that was found in the
     openvswitch kernel module (bnc#1202154).
   - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
     the message handling could be confused and incorrectly matches the
     message (bnc#1202097).
   - CVE-2022-2977: Fixed reference counting for struct tpm_chip
     (bsc#1202672).
   - CVE-2022-3028: Fixed race condition that was found in the IP framework
     for transforming packets (XFRM subsystem) (bnc#1202898).
   - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
     net/xfrm/xfrm_policy.c where a refcount could be dropped twice
     (bnc#1201948).
   - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
     a device driver can free a page while it still has stale TLB entries
     (bnc#1203107).

   The following non-security bugs were fixed:

   - cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
   - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
     (bsc#1188944).
   - cifs: report error instead of invalid when revalidating a dentry fails
     (bsc#1177440).
   - cifs: skip trailing separators of prefix paths (bsc#1188944).
   - kernel-obs-build: include qemu_fw_cfg (boo#1201705)
   - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
     ZDI-CAN-17325).
   - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
     bsc#1203098).
   - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
     (git-fixes, bsc#1203098).
   - net_sched: cls_route: disallow handle of 0 (bsc#1202393).
   - objtool: Add --backtrace support (bsc#1202396).
   - objtool: Add relocation check for alternative sections (bsc#1202396).
   - objtool: Add support for intra-function calls (bsc#1202396).
   - objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
   - objtool: Clean instruction state before each function validation
     (bsc#1169514).
   - objtool: Convert insn type to enum (bsc#1202396).
   - objtool: Do not use ignore flag for fake jumps (bsc#1202396).
   - objtool: Fix !CFI insn_state propagation (bsc#1202396).
   - objtool: Fix ORC vs alternatives (bsc#1202396).
   - objtool: Fix sibling call detection (bsc#1202396).
   - objtool: Fix switch table detection in .text.unlikely (bsc#1202396).
   - objtool: Ignore empty alternatives (bsc#1169514).
   - objtool: Make BP scratch register warning more robust (bsc#1202396).
   - objtool: Make handle_insn_ops() unconditional (bsc#1202396).
   - objtool: Remove INSN_STACK (bsc#1202396).
   - objtool: Remove check preventing branches within alternative
     (bsc#1202396).
   - objtool: Rename elf_open() to prevent conflict with libelf from
     elftoolchain (bsc#1202396).
   - objtool: Rename struct cfi_state (bsc#1202396).
   - objtool: Rework allocating stack_ops on decode (bsc#1202396).
   - objtool: Rewrite alt->skip_orig (bsc#1202396).
   - objtool: Set insn->func for alternatives (bsc#1202396).
   - objtool: Support conditional retpolines (bsc#1202396).
   - objtool: Support multiple stack_op per instruction (bsc#1202396).
   - objtool: Track original function across branches (bsc#1202396).
   - objtool: Uniquely identify alternative instruction groups (bsc#1202396).
   - objtool: Use Elf_Scn typedef instead of assuming struct name
     (bsc#1202396).
   - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3291=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3291=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3291=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2022-3291=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      kernel-default-4.12.14-150000.150.101.1
      kernel-default-base-4.12.14-150000.150.101.1
      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      kernel-default-devel-4.12.14-150000.150.101.1
      kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
      kernel-obs-build-4.12.14-150000.150.101.1
      kernel-obs-build-debugsource-4.12.14-150000.150.101.1
      kernel-syms-4.12.14-150000.150.101.1
      kernel-vanilla-base-4.12.14-150000.150.101.1
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debugsource-4.12.14-150000.150.101.1
      reiserfs-kmp-default-4.12.14-150000.150.101.1
      reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      kernel-devel-4.12.14-150000.150.101.1
      kernel-docs-4.12.14-150000.150.101.1
      kernel-macros-4.12.14-150000.150.101.1
      kernel-source-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      kernel-default-4.12.14-150000.150.101.1
      kernel-default-base-4.12.14-150000.150.101.1
      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      kernel-default-devel-4.12.14-150000.150.101.1
      kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
      kernel-obs-build-4.12.14-150000.150.101.1
      kernel-obs-build-debugsource-4.12.14-150000.150.101.1
      kernel-syms-4.12.14-150000.150.101.1
      kernel-vanilla-base-4.12.14-150000.150.101.1
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debugsource-4.12.14-150000.150.101.1
      reiserfs-kmp-default-4.12.14-150000.150.101.1
      reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      kernel-devel-4.12.14-150000.150.101.1
      kernel-docs-4.12.14-150000.150.101.1
      kernel-macros-4.12.14-150000.150.101.1
      kernel-source-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      kernel-default-man-4.12.14-150000.150.101.1
      kernel-zfcpdump-debuginfo-4.12.14-150000.150.101.1
      kernel-zfcpdump-debugsource-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      kernel-default-livepatch-4.12.14-150000.150.101.1
      kernel-livepatch-4_12_14-150000_150_101-default-1-150000.1.3.1
      kernel-livepatch-4_12_14-150000_150_101-default-debuginfo-1-150000.1.3.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150000.150.101.1
      kernel-default-base-4.12.14-150000.150.101.1
      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      kernel-default-devel-4.12.14-150000.150.101.1
      kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
      kernel-obs-build-4.12.14-150000.150.101.1
      kernel-obs-build-debugsource-4.12.14-150000.150.101.1
      kernel-syms-4.12.14-150000.150.101.1
      kernel-vanilla-base-4.12.14-150000.150.101.1
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debugsource-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      kernel-devel-4.12.14-150000.150.101.1
      kernel-docs-4.12.14-150000.150.101.1
      kernel-macros-4.12.14-150000.150.101.1
      kernel-source-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150000.150.101.1
      kernel-default-base-4.12.14-150000.150.101.1
      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      kernel-default-devel-4.12.14-150000.150.101.1
      kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
      kernel-obs-build-4.12.14-150000.150.101.1
      kernel-obs-build-debugsource-4.12.14-150000.150.101.1
      kernel-syms-4.12.14-150000.150.101.1
      kernel-vanilla-base-4.12.14-150000.150.101.1
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
      kernel-vanilla-debugsource-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      kernel-devel-4.12.14-150000.150.101.1
      kernel-docs-4.12.14-150000.150.101.1
      kernel-macros-4.12.14-150000.150.101.1
      kernel-source-4.12.14-150000.150.101.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150000.150.101.1
      cluster-md-kmp-default-debuginfo-4.12.14-150000.150.101.1
      dlm-kmp-default-4.12.14-150000.150.101.1
      dlm-kmp-default-debuginfo-4.12.14-150000.150.101.1
      gfs2-kmp-default-4.12.14-150000.150.101.1
      gfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debuginfo-4.12.14-150000.150.101.1
      kernel-default-debugsource-4.12.14-150000.150.101.1
      ocfs2-kmp-default-4.12.14-150000.150.101.1
      ocfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1


References:

   https://www.suse.com/security/cve/CVE-2020-36516.html
   https://www.suse.com/security/cve/CVE-2021-4203.html
   https://www.suse.com/security/cve/CVE-2022-20368.html
   https://www.suse.com/security/cve/CVE-2022-20369.html
   https://www.suse.com/security/cve/CVE-2022-21385.html
   https://www.suse.com/security/cve/CVE-2022-2588.html
   https://www.suse.com/security/cve/CVE-2022-26373.html
   https://www.suse.com/security/cve/CVE-2022-2639.html
   https://www.suse.com/security/cve/CVE-2022-2663.html
   https://www.suse.com/security/cve/CVE-2022-2977.html
   https://www.suse.com/security/cve/CVE-2022-3028.html
   https://www.suse.com/security/cve/CVE-2022-36879.html
   https://www.suse.com/security/cve/CVE-2022-39188.html
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1177440
   https://bugzilla.suse.com/1188944
   https://bugzilla.suse.com/1191881
   https://bugzilla.suse.com/1194535
   https://bugzilla.suse.com/1196616
   https://bugzilla.suse.com/1201019
   https://bugzilla.suse.com/1201420
   https://bugzilla.suse.com/1201705
   https://bugzilla.suse.com/1201726
   https://bugzilla.suse.com/1201948
   https://bugzilla.suse.com/1202096
   https://bugzilla.suse.com/1202097
   https://bugzilla.suse.com/1202154
   https://bugzilla.suse.com/1202346
   https://bugzilla.suse.com/1202347
   https://bugzilla.suse.com/1202393
   https://bugzilla.suse.com/1202396
   https://bugzilla.suse.com/1202672
   https://bugzilla.suse.com/1202897
   https://bugzilla.suse.com/1202898
   https://bugzilla.suse.com/1203098
   https://bugzilla.suse.com/1203107

SUSE: 2022:3291-1 important: the Linux Kernel

September 16, 2022
An update that solves 13 vulnerabilities and has 10 fixes is now available

Summary

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add relocation check for alternative sections (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Fix switch table detection in .text.unlikely (bsc#1202396). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).

References

#1169514 #1177440 #1188944 #1191881 #1194535

#1196616 #1201019 #1201420 #1201705 #1201726

#1201948 #1202096 #1202097 #1202154 #1202346

#1202347 #1202393 #1202396 #1202672 #1202897

#1202898 #1203098 #1203107

Cross- CVE-2020-36516 CVE-2021-4203 CVE-2022-20368

CVE-2022-20369 CVE-2022-21385 CVE-2022-2588

CVE-2022-26373 CVE-2022-2639 CVE-2022-2663

CVE-2022-2977 CVE-2022-3028 CVE-2022-36879

CVE-2022-39188

CVSS scores:

CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Availability 15

SUSE Linux Enterprise High Performance Computing 15

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Live Patching 15

SUSE Linux Enterprise Server 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server for SAP Applications 15

https://www.suse.com/security/cve/CVE-2020-36516.html

https://www.suse.com/security/cve/CVE-2021-4203.html

https://www.suse.com/security/cve/CVE-2022-20368.html

https://www.suse.com/security/cve/CVE-2022-20369.html

https://www.suse.com/security/cve/CVE-2022-21385.html

https://www.suse.com/security/cve/CVE-2022-2588.html

https://www.suse.com/security/cve/CVE-2022-26373.html

https://www.suse.com/security/cve/CVE-2022-2639.html

https://www.suse.com/security/cve/CVE-2022-2663.html

https://www.suse.com/security/cve/CVE-2022-2977.html

https://www.suse.com/security/cve/CVE-2022-3028.html

https://www.suse.com/security/cve/CVE-2022-36879.html

https://www.suse.com/security/cve/CVE-2022-39188.html

https://bugzilla.suse.com/1169514

https://bugzilla.suse.com/1177440

https://bugzilla.suse.com/1188944

https://bugzilla.suse.com/1191881

https://bugzilla.suse.com/1194535

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1201019

https://bugzilla.suse.com/1201420

https://bugzilla.suse.com/1201705

https://bugzilla.suse.com/1201726

https://bugzilla.suse.com/1201948

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202396

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202897

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203107

Severity
Announcement ID: SUSE-SU-2022:3291-1
Rating: important

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.