SUSE: 2022:4566-1 important: the Linux Kernel | LinuxSecurity.com

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4566-1
Rating:             important
References:         #1065729 #1071995 #1106594 #1156395 #1164051 
                    #1184350 #1199365 #1200845 #1201455 #1203183 
                    #1203746 #1203860 #1203960 #1204017 #1204142 
                    #1204414 #1204446 #1204631 #1204636 #1204810 
                    #1204850 #1204868 #1204963 #1205006 #1205128 
                    #1205130 #1205220 #1205234 #1205264 #1205473 
                    #1205514 #1205617 #1205671 #1205705 #1205709 
                    #1205796 #1205901 #1205902 #1205903 #1205904 
                    #1205905 #1205906 #1205907 #1205908 #1206032 
                    #1206037 #1206113 #1206114 #1206117 #1206118 
                    #1206119 #1206120 #1206207 #1206213 
Cross-References:   CVE-2022-28693 CVE-2022-3567 CVE-2022-3628
                    CVE-2022-3635 CVE-2022-3643 CVE-2022-3903
                    CVE-2022-4095 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42328 CVE-2022-42329 CVE-2022-42895
                    CVE-2022-42896 CVE-2022-4378 CVE-2022-43945
                    CVE-2022-45934
CVSS scores:
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 38 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:


   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-42328: Guests could trigger denial of service via the netback
     driver (bsc#1206114).
   - CVE-2022-42329: Guests could trigger denial of service via the netback
     driver (bsc#1206113).
   - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
     netback driver (bsc#1206113).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
     (bsc#1205128).
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).

   The following non-security bugs were fixed:

   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017, bsc#1205617).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
     (git-fixes).
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
     (git-fixes).
   - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
     (git-fixes).
   - FDDI: defxx: Make MMIO the configuration default except for EISA
     (git-fixes).
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
   - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
   - KVM: s390: Fix handle_sske page fault handling (git-fixes).
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
   - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
     (git-fixes).
   - KVM: s390: reduce number of IO pins to 1 (git-fixes).
   - KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
   - KVM: s390: split kvm_s390_real_to_abs (git-fixes).
   - KVM: s390x: fix SCK locking (git-fixes).
   - NIU: fix incorrect error return, missed in previous revert (git-fixes).
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
     (bsc#1204446).
   - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
     topology (bsc#1199365).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
   - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
   - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Make the code arch neutral by adding arch specific interfaces
     (bsc#1200845).
   - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
   - PCI: hv: Remove bus device removal unused refcount/functions
     (bsc#1204446).
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Support for create interrupt v3 (git-fixes).
   - PCI: hv: Use struct_size() helper (bsc#1204446).
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - PM: hibernate: fix sparse warnings (git-fixes).
   - Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
   - add missing bug reference to a hv_netvsc patch file (bsc#1204850).
   - always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
   - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
   - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
   - bfq: Update cgroup information before merging bio (git-fixes).
   - blk-mq: add callback of .cleanup_rq (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
   - block: Add a helper to validate the block size (git-fixes).
   - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
     nowait (git-fixes).
   - block: do not delete queue kobject before its children (git-fixes).
   - block: respect queue limit of max discard segment (git-fixes).
   - block: rsxx: select CONFIG_CRC32 (git-fixes).
   - block: use "unsigned long" for blk_validate_block_size() (git-fixes).
   - bnxt_en: Clean up completion ring page arrays completely (git-fixes).
   - bnxt_en: Do not use static arrays for completion ring pages (git-fixes).
   - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
     (git-fixes).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bnxt_en: Free context memory after disabling PCI in probe error path
     (git-fixes).
   - bnxt_en: Increase maximum RX ring size if jumbo ring is not used
     (git-fixes).
   - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - ceph: check availability of mds cluster on mount after wait timeout
     (bsc#1205903).
   - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905).
   - ceph: fix fscache invalidation (bsc#1205907).
   - ceph: fix potential race in ceph_check_caps (bsc#1205906).
   - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908).
   - ceph: return -EINVAL if given fsc mount option on kernel w/o support
     (bsc#1205902).
   - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
     (bsc#1205901).
   - ceph: return ceph_mdsc_do_request() errors from __get_parent()
     (bsc#1205904).
   - cuse: prevent clone (bsc#1206120).
   - cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm mpath: remove harmful bio-based optimization (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm raid: fix address sanitizer warning in raid_resume (git-fixes).
   - dm raid: fix address sanitizer warning in raid_status (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
     (git-fixes).
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - floppy: Fix hang in watchdog when disk is ejected (git-fixes).
   - ftrace: Fix char print issue in print_ip_ins() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - fuse: do not check refcount after stealing page (bsc#1206119).
   - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118).
   - fuse: use READ_ONCE on congestion_threshold and max_background
     (bsc#1206117).
   - gianfar: Disable EEE autoneg by default (git-fixes).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
   - hv_netvsc: Cache the current data path to avoid duplicate call and
     message (bsc#1204017).
   - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
   - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (git-fixes).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (bsc#1204017).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
     (bsc#1204017).
   - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive()
     (bsc#1204017).
   - hv_netvsc: Sync offloading features to VF NIC (git-fixes).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - i40e: Fix kernel crash during module removal (git-fixes).
   - i40e: Fix reset path while removing the driver (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - ice: Increase control queue timeout (git-fixes).
   - igb: Fix position of assignment to *ring (git-fixes).
   - igc: Fix use-after-free error during reset (git-fixes).
   - igc: change default return of igc_read_phy_reg() (git-fixes).
   - ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
   - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - kprobes/x86/xen: blacklist non-attachable xen interrupt functions
     (git-fixes).
   - livepatch: Add a missing newline character in klp_module_coming()
     (bsc#1071995).
   - livepatch: fix race between fork and KLP transition (bsc#1071995).
   - macsec: check return value of skb_to_sgvec always (git-fixes).
   - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
     (git-fixes).
   - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
   - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
     (git-fixes).
   - media: ite-cir: IR receiver stop working after receive overflow
     (git-fixes).
   - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix
     (git-fixes).
   - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes).
   - media: mceusb: do not read data parameters unless required (git-fixes).
   - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug
     messages (git-fixes).
   - media: mceusb: sanity check for prescaler value (git-fixes).
   - media: mceusb: sporadic RX truncation corruption fix (git-fixes).
   - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes).
   - module: change to print useful messages from elf_validity_check()
     (git-fixes).
   - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
   - module: harden ELF info handling (git-fixes).
   - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
   - nbd: do not update block size after device is started (git-fixes).
   - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode
     (git-fixes).
   - net/mlx5: Fix flow table chaining (git-fixes).
   - net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
   - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
   - net: aquantia: Fix actual speed capabilities reporting (git-fixes).
   - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes).
   - net: ethernet: arc: fix error handling in emac_rockchip_probe
     (git-fixes).
   - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and
     allmulti disabled (git-fixes).
   - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes).
   - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
   - net: hns3: check vlan id before using it (git-fixes).
   - net: hns3: disable sriov before unload hclge layer (git-fixes).
   - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
   - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
   - net: hns3: fix kernel crash when unload VF while it is being reset
     (git-fixes).
   - net: hns3: reset DWRR of unused tc to zero (git-fixes).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
   - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
   - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
   - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
   - net: moxa: fix UAF in moxart_mac_probe (git-fixes).
   - net: natsemi: Fix missing pci_disable_device() in probe and remove
     (git-fixes).
   - net: netvsc: remove break after return (git-fixes).
   - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
   - net: qcom/emac: fix UAF in emac_remove (git-fixes).
   - net: smsc911x: Fix unload crash when link is up (git-fixes).
   - net: ti: fix UAF in tlan_remove_one (git-fixes).
   - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes).
   - nfsd: set the server_scope during service startup (bsc#1203746).
   - null_blk: Fix the null_add_dev() error path (git-fixes).
   - null_blk: fix ida error handling in null_add_dev() (git-fixes).
   - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - ptp: dp83640: do not define PAGE0 (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
   - ring-buffer: Allow splice to read previous partially read pages
     (git-fixes).
   - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
     (git-fixes).
   - ring-buffer: Check pending waiters when doing wake ups as well
     (git-fixes).
   - ring-buffer: Fix race between reset page and reading page (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
   - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
   - s390/cpcmd: fix inline assembly register clobbering (git-fixes).
   - s390/crash: fix incorrect number of bytes to copy to user space
     (git-fixes).
   - s390/crash: make copy_oldmem_page() return number of bytes copied
     (git-fixes).
   - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
   - s390/ctcm: fix potential memory leak (git-fixes).
   - s390/ctcm: fix variable dereferenced before check (git-fixes).
   - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
     (git-fixes).
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
     (git-fixes).
   - s390/lcs: fix variable dereferenced before check (git-fixes).
   - s390/mcck: fix invalid KVM guest condition check (git-fixes).
   - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
     (git-fixes).
   - s390/mm: use non-quiescing sske for KVM switch to keyed guest
     (git-fixes).
   - s390/module: fix loading modules with a lot of relocations (git-fixes).
   - s390/nmi: handle guarded storage validity failures for KVM guests
     (git-fixes).
   - s390/nmi: handle vector validity failures for KVM guests (git-fixes).
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
   - s390/pkey: fix paes selftest failure with paes and pkey static build
     (git-fixes).
   - s390/pv: fix the forcing of the swiotlb (git-fixes).
   - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
   - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
   - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742).
   - s390/qeth: Fix error handling during VNICC initialization (git-fixes).
   - s390/qeth: Fix initialization of vnicc cmd masks during set online
     (git-fixes).
   - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
   - s390/qeth: do not defer close_dev work during recovery (bsc#1206213
     LTC#200742).
   - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
   - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742).
   - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes).
   - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
   - s390/qeth: fix notification for pending buffers during teardown
     (git-fixes).
   - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742).
   - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
   - s390/qeth: vnicc Fix init to default (git-fixes).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (git-fixes).
   - s390/zcore: fix race when reading from hardware system area (git-fixes).
   - s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
   - s390: appldata depends on PROC_SYSCTL (git-fixes).
   - s390: define get_cycles macro for arch-override (git-fixes).
   - s390: fix nospec table alignments (git-fixes).
   - sbitmap: fix possible io hung due to lost wakeup (git-fixes).
   - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
     (git-fixes).
   - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
   - scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
   - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
   - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
     (bsc#1204963).
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
     (bsc#1204017).
   - scsi: storvsc: Fix validation for unsolicited incoming packets
     (bsc#1204017).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
     (bsc#1204017).
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
     (git-fixes).
   - scsi: zfcp: Fix missing auto port scan and thus missing target ports
     (git-fixes).
   - selftests/livepatch: better synchronize test_klp_callbacks_busy
     (bsc#1071995).
   - sfp: fix RX_LOS signal handling (git-fixes).
   - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes).
   - sunrpc: Re-purpose trace_svc_process (bsc#1205006).
   - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
   - tracing: Disable interrupt or preemption before acquiring
     arch_spinlock_t (git-fixes).
   - tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
   - tracing: Simplify conditional compilation code in tracing_set_tracer()
     (git-fixes).
   - tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
   - tracing: Wake up waiters when tracing is disabled (git-fixes).
   - tulip: windbond-840: Fix missing pci_disable_device() in probe and
     remove (git-fixes).
   - usb: chipidea: udc: check request status before setting device address
     (git-fixes).
   - usb: musb: Fix suspend with devices connected for a64 (git-fixes).
   - vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
   - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
   - virtio-blk: Use blk_validate_block_size() to validate block size
     (git-fixes).
   - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
   - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
   - virtio_net: move tx vq operation under tx queue lock (git-fixes).
   - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
     (git-fixes).
   - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
   - x86/microcode/AMD: Apply the patch early on every logical thread
     (bsc#1205264).
   - x86/xen: Distribute switch variables for initialization (git-fixes).
   - x86/xen: Return from panic notifier (git-fixes).
   - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
   - xen-blkback: prevent premature module unload (git-fixes).
   - xen-netback: correct success/error reporting for the SKB-with-fraglist
     case (git-fixes).
   - xen-netfront: remove warning when unloading module (git-fixes).
   - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes).
   - xen/balloon: fix balloon kthread freezing (git-fixes).
   - xen/balloon: fix ballooned page accounting without hotplug enabled
     (git-fixes).
   - xen/balloon: fix cancelled balloon action (git-fixes).
   - xen/balloon: use a kernel thread instead a workqueue (git-fixes).
   - xen/blkback: fix memory leaks (git-fixes).
   - xen/efi: Set nonblocking callbacks (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes).
   - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/gntdev: Prevent leaking grants (git-fixes).
   - xen/grant-table: Use put_page instead of free_page (git-fixes).
   - xen/pciback: Check dev_data before using it (git-fixes).
   - xen/pciback: remove set but not used variable 'old_state' (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen/scsiback: add error handling for xenbus_printf (git-fixes).
   - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
   - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
     (git-fixes).
   - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
   - xen: Fix event channel callback via INTX/GSI (git-fixes).
   - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
   - xen: add error handling for xenbus_printf (git-fixes).
   - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
   - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
     (git-fixes).
   - xen: xenbus: use put_device() instead of kfree() (git-fixes).
   - xenbus: req->body should be updated before req->state (git-fixes).
   - xenbus: req->err should be updated before req->state (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4566=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4566=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-extra-4.12.14-122.144.1
      kernel-default-extra-debuginfo-4.12.14-122.144.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.144.1
      kernel-obs-build-debugsource-4.12.14-122.144.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.144.1
      kernel-default-base-4.12.14-122.144.1
      kernel-default-base-debuginfo-4.12.14-122.144.1
      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-devel-4.12.14-122.144.1
      kernel-syms-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.144.1
      kernel-macros-4.12.14-122.144.1
      kernel-source-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.144.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-kgraft-4.12.14-122.144.1
      kernel-default-kgraft-devel-4.12.14-122.144.1
      kgraft-patch-4_12_14-122_144-default-1-8.5.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.144.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.144.1
      dlm-kmp-default-4.12.14-122.144.1
      dlm-kmp-default-debuginfo-4.12.14-122.144.1
      gfs2-kmp-default-4.12.14-122.144.1
      gfs2-kmp-default-debuginfo-4.12.14-122.144.1
      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      ocfs2-kmp-default-4.12.14-122.144.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.144.1


References:

   https://www.suse.com/security/cve/CVE-2022-28693.html
   https://www.suse.com/security/cve/CVE-2022-3567.html
   https://www.suse.com/security/cve/CVE-2022-3628.html
   https://www.suse.com/security/cve/CVE-2022-3635.html
   https://www.suse.com/security/cve/CVE-2022-3643.html
   https://www.suse.com/security/cve/CVE-2022-3903.html
   https://www.suse.com/security/cve/CVE-2022-4095.html
   https://www.suse.com/security/cve/CVE-2022-41850.html
   https://www.suse.com/security/cve/CVE-2022-41858.html
   https://www.suse.com/security/cve/CVE-2022-42328.html
   https://www.suse.com/security/cve/CVE-2022-42329.html
   https://www.suse.com/security/cve/CVE-2022-42895.html
   https://www.suse.com/security/cve/CVE-2022-42896.html
   https://www.suse.com/security/cve/CVE-2022-4378.html
   https://www.suse.com/security/cve/CVE-2022-43945.html
   https://www.suse.com/security/cve/CVE-2022-45934.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1106594
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1164051
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1199365
   https://bugzilla.suse.com/1200845
   https://bugzilla.suse.com/1201455
   https://bugzilla.suse.com/1203183
   https://bugzilla.suse.com/1203746
   https://bugzilla.suse.com/1203860
   https://bugzilla.suse.com/1203960
   https://bugzilla.suse.com/1204017
   https://bugzilla.suse.com/1204142
   https://bugzilla.suse.com/1204414
   https://bugzilla.suse.com/1204446
   https://bugzilla.suse.com/1204631
   https://bugzilla.suse.com/1204636
   https://bugzilla.suse.com/1204810
   https://bugzilla.suse.com/1204850
   https://bugzilla.suse.com/1204868
   https://bugzilla.suse.com/1204963
   https://bugzilla.suse.com/1205006
   https://bugzilla.suse.com/1205128
   https://bugzilla.suse.com/1205130
   https://bugzilla.suse.com/1205220
   https://bugzilla.suse.com/1205234
   https://bugzilla.suse.com/1205264
   https://bugzilla.suse.com/1205473
   https://bugzilla.suse.com/1205514
   https://bugzilla.suse.com/1205617
   https://bugzilla.suse.com/1205671
   https://bugzilla.suse.com/1205705
   https://bugzilla.suse.com/1205709
   https://bugzilla.suse.com/1205796
   https://bugzilla.suse.com/1205901
   https://bugzilla.suse.com/1205902
   https://bugzilla.suse.com/1205903
   https://bugzilla.suse.com/1205904
   https://bugzilla.suse.com/1205905
   https://bugzilla.suse.com/1205906
   https://bugzilla.suse.com/1205907
   https://bugzilla.suse.com/1205908
   https://bugzilla.suse.com/1206032
   https://bugzilla.suse.com/1206037
   https://bugzilla.suse.com/1206113
   https://bugzilla.suse.com/1206114
   https://bugzilla.suse.com/1206117
   https://bugzilla.suse.com/1206118
   https://bugzilla.suse.com/1206119
   https://bugzilla.suse.com/1206120
   https://bugzilla.suse.com/1206207
   https://bugzilla.suse.com/1206213

SUSE: 2022:4566-1 important: the Linux Kernel

December 19, 2022
An update that solves 16 vulnerabilities and has 38 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - KVM: s390: split kvm_s390_logical_to_effective (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - NIU: fix incorrect error return, missed in previous revert (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PM: hibernate: fix sparse warnings (git-fixes). - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add missing bug reference to a hv_netvsc patch file (bsc#1204850). - always clear the X2APIC_ENABLE bit for PV guest (git-fixes). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - bfq: Update cgroup information before merging bio (git-fixes). - blk-mq: add callback of .cleanup_rq (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: respect queue limit of max discard segment (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bnxt_en: Clean up completion ring page arrays completely (git-fixes). - bnxt_en: Do not use static arrays for completion ring pages (git-fixes). - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: Free context memory after disabling PCI in probe error path (git-fixes). - bnxt_en: Increase maximum RX ring size if jumbo ring is not used (git-fixes). - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - ceph: check availability of mds cluster on mount after wait timeout (bsc#1205903). - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905). - ceph: fix fscache invalidation (bsc#1205907). - ceph: fix potential race in ceph_check_caps (bsc#1205906). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908). - ceph: return -EINVAL if given fsc mount option on kernel w/o support (bsc#1205902). - ceph: return -ERANGE if virtual xattr value didn't fit in buffer (bsc#1205901). - ceph: return ceph_mdsc_do_request() errors from __get_parent() (bsc#1205904). - cuse: prevent clone (bsc#1206120). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: remove harmful bio-based optimization (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206119). - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118). - fuse: use READ_ONCE on congestion_threshold and max_background (bsc#1206117). - gianfar: Disable EEE autoneg by default (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - i40e: Fix kernel crash during module removal (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Increase control queue timeout (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kprobes/x86/xen: blacklist non-attachable xen interrupt functions (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - macsec: check return value of skb_to_sgvec always (git-fixes). - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix (git-fixes). - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes). - media: mceusb: do not read data parameters unless required (git-fixes). - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug messages (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: mceusb: sporadic RX truncation corruption fix (git-fixes). - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - module: harden ELF info handling (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net: aquantia: Fix actual speed capabilities reporting (git-fixes). - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes). - net: ethernet: arc: fix error handling in emac_rockchip_probe (git-fixes). - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes). - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes). - net: hns3: check vlan id before using it (git-fixes). - net: hns3: disable sriov before unload hclge layer (git-fixes). - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes). - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: hns3: reset DWRR of unused tc to zero (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes). - net: moxa: fix UAF in moxart_mac_probe (git-fixes). - net: natsemi: Fix missing pci_disable_device() in probe and remove (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes). - net: qcom/emac: fix UAF in emac_remove (git-fixes). - net: smsc911x: Fix unload crash when link is up (git-fixes). - net: ti: fix UAF in tlan_remove_one (git-fixes). - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fix the null_add_dev() error path (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - phy: mdio: fix memory leak (git-fixes). - ptp: dp83640: do not define PAGE0 (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742). - s390/qeth: Fix error handling during VNICC initialization (git-fixes). - s390/qeth: Fix initialization of vnicc cmd masks during set online (git-fixes). - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes). - s390/qeth: do not defer close_dev work during recovery (bsc#1206213 LTC#200742). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742). - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742). - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes). - s390/qeth: vnicc Fix init to default (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: appldata depends on PROC_SYSCTL (git-fixes). - s390: define get_cycles macro for arch-override (git-fixes). - s390: fix nospec table alignments (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - sfp: fix RX_LOS signal handling (git-fixes). - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: Return from panic notifier (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen-netfront: remove warning when unloading module (git-fixes). - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/blkback: fix memory leaks (git-fixes). - xen/efi: Set nonblocking callbacks (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes). - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/grant-table: Use put_page instead of free_page (git-fixes). - xen/pciback: Check dev_data before using it (git-fixes). - xen/pciback: remove set but not used variable 'old_state' (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/scsiback: add error handling for xenbus_printf (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes). - xen: add error handling for xenbus_printf (git-fixes). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (git-fixes). - xen: xenbus: use put_device() instead of kfree() (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes).

References

#1065729 #1071995 #1106594 #1156395 #1164051

#1184350 #1199365 #1200845 #1201455 #1203183

#1203746 #1203860 #1203960 #1204017 #1204142

#1204414 #1204446 #1204631 #1204636 #1204810

#1204850 #1204868 #1204963 #1205006 #1205128

#1205130 #1205220 #1205234 #1205264 #1205473

#1205514 #1205617 #1205671 #1205705 #1205709

#1205796 #1205901 #1205902 #1205903 #1205904

#1205905 #1205906 #1205907 #1205908 #1206032

#1206037 #1206113 #1206114 #1206117 #1206118

#1206119 #1206120 #1206207 #1206213

Cross- CVE-2022-28693 CVE-2022-3567 CVE-2022-3628

CVE-2022-3635 CVE-2022-3643 CVE-2022-3903

CVE-2022-4095 CVE-2022-41850 CVE-2022-41858

CVE-2022-42328 CVE-2022-42329 CVE-2022-42895

CVE-2022-42896 CVE-2022-4378 CVE-2022-43945

CVE-2022-45934

CVSS scores:

CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

SUSE Linux Enterprise Desktop 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

SUSE Linux Enterprise High Performance Computing 12-SP5

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Workstation Extension 12-SP5

https://www.suse.com/security/cve/CVE-2022-28693.html

https://www.suse.com/security/cve/CVE-2022-3567.html

https://www.suse.com/security/cve/CVE-2022-3628.html

https://www.suse.com/security/cve/CVE-2022-3635.html

https://www.suse.com/security/cve/CVE-2022-3643.html

https://www.suse.com/security/cve/CVE-2022-3903.html

https://www.suse.com/security/cve/CVE-2022-4095.html

https://www.suse.com/security/cve/CVE-2022-41850.html

https://www.suse.com/security/cve/CVE-2022-41858.html

https://www.suse.com/security/cve/CVE-2022-42328.html

https://www.suse.com/security/cve/CVE-2022-42329.html

https://www.suse.com/security/cve/CVE-2022-42895.html

https://www.suse.com/security/cve/CVE-2022-42896.html

https://www.suse.com/security/cve/CVE-2022-4378.html

https://www.suse.com/security/cve/CVE-2022-43945.html

https://www.suse.com/security/cve/CVE-2022-45934.html

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1106594

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1164051

https://bugzilla.suse.com/1184350

https://bugzilla.suse.com/1199365

https://bugzilla.suse.com/1200845

https://bugzilla.suse.com/1201455

https://bugzilla.suse.com/1203183

https://bugzilla.suse.com/1203746

https://bugzilla.suse.com/1203860

https://bugzilla.suse.com/1203960

https://bugzilla.suse.com/1204017

https://bugzilla.suse.com/1204142

https://bugzilla.suse.com/1204414

https://bugzilla.suse.com/1204446

https://bugzilla.suse.com/1204631

https://bugzilla.suse.com/1204636

https://bugzilla.suse.com/1204810

https://bugzilla.suse.com/1204850

https://bugzilla.suse.com/1204868

https://bugzilla.suse.com/1204963

https://bugzilla.suse.com/1205006

https://bugzilla.suse.com/1205128

https://bugzilla.suse.com/1205130

https://bugzilla.suse.com/1205220

https://bugzilla.suse.com/1205234

https://bugzilla.suse.com/1205264

https://bugzilla.suse.com/1205473

https://bugzilla.suse.com/1205514

https://bugzilla.suse.com/1205617

https://bugzilla.suse.com/1205671

https://bugzilla.suse.com/1205705

https://bugzilla.suse.com/1205709

https://bugzilla.suse.com/1205796

https://bugzilla.suse.com/1205901

https://bugzilla.suse.com/1205902

https://bugzilla.suse.com/1205903

https://bugzilla.suse.com/1205904

https://bugzilla.suse.com/1205905

https://bugzilla.suse.com/1205906

https://bugzilla.suse.com/1205907

https://bugzilla.suse.com/1205908

https://bugzilla.suse.com/1206032

https://bugzilla.suse.com/1206037

https://bugzilla.suse.com/1206113

https://bugzilla.suse.com/1206114

https://bugzilla.suse.com/1206117

https://bugzilla.suse.com/1206118

https://bugzilla.suse.com/1206119

https://bugzilla.suse.com/1206120

https://bugzilla.suse.com/1206207

https://bugzilla.suse.com/1206213

Severity
Announcement ID: SUSE-SU-2022:4566-1
Rating: important

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.