SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4614-1
Rating:             important
References:         #1198702 #1199365 #1200845 #1201725 #1202686 
                    #1202700 #1203008 #1203066 #1203067 #1203322 
                    #1203391 #1203496 #1203514 #1203860 #1203960 
                    #1204017 #1204053 #1204168 #1204170 #1204354 
                    #1204355 #1204402 #1204414 #1204415 #1204417 
                    #1204424 #1204431 #1204432 #1204439 #1204446 
                    #1204470 #1204479 #1204486 #1204574 #1204575 
                    #1204576 #1204631 #1204635 #1204636 #1204637 
                    #1204646 #1204647 #1204653 #1204780 #1204850 
                    #1205128 #1205130 #1205220 #1205473 #1205514 
                    #1205617 #1205671 #1205700 #1205705 #1205709 
                    #1205711 #1205796 #1206207 #1206228 
Cross-References:   CVE-2021-4037 CVE-2022-2153 CVE-2022-2602
                    CVE-2022-28693 CVE-2022-28748 CVE-2022-2964
                    CVE-2022-2978 CVE-2022-3169 CVE-2022-3176
                    CVE-2022-3521 CVE-2022-3524 CVE-2022-3535
                    CVE-2022-3542 CVE-2022-3545 CVE-2022-3565
                    CVE-2022-3567 CVE-2022-3577 CVE-2022-3586
                    CVE-2022-3594 CVE-2022-3621 CVE-2022-3625
                    CVE-2022-3628 CVE-2022-3629 CVE-2022-3635
                    CVE-2022-3646 CVE-2022-3649 CVE-2022-3707
                    CVE-2022-3903 CVE-2022-39189 CVE-2022-40307
                    CVE-2022-40768 CVE-2022-4095 CVE-2022-4129
                    CVE-2022-4139 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42703 CVE-2022-42895 CVE-2022-42896
                    CVE-2022-43750 CVE-2022-4378 CVE-2022-43945
                    CVE-2022-45934
CVSS scores:
                    CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 43 vulnerabilities and has 16 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
     (bsc#1205128).
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).
   - CVE-2022-2602: Fixed a local privilege escalation vulnerability
     involving Unix socket Garbage Collection and io_uring (bsc#1204228).
   - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
     to access any physical memory (bsc#1205700).
   - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
     Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
     race condition and NULL pointer dereference. (bsc#1205711)
   - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
     (bsc#1204780).
   - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices
     (bsc#1202686).
   - CVE-2021-4037: Fixed function logic vulnerability that allowed local
     users to create files for the XFS file-system with an unintended group
     ownership and with group execution and SGID permission bits set
     (bsc#1198702).
   - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space
     client to corrupt the monitor's internal memory (bsc#1204653).
   - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in
     drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
   - CVE-2022-3629: Fixed memory leak in vsock_connect() in
     net/vmw_vsock/af_vsock.c (bsc#1204635).
   - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in
     fs/nilfs2/segment.c (bsc#1204646).
   - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in
     fs/nilfs2/inode.c (bsc#1204647).
   - CVE-2022-3621: Fixed null pointer dereference in
     nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
   - CVE-2022-3594: Fixed excessive data logging in intr_callback() in
     drivers/net/usb/r8152.c (bsc#1204479).
   - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could
     allow a local unprivileged user to cause a denial of service
     (bsc#1204439).
   - CVE-2022-3565: Fixed use-after-free in del_timer() in
     drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
   - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6
     handler (bsc#1204354).
   - CVE-2022-40768: Fixed information leak in the scsi driver which allowed
     local users to obtain sensitive information from kernel memory
     (bsc#1203514).
   - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf
     anon_vma double reuse (bsc#1204168).
   - CVE-2022-3169: Fixed an denial of service though request to
     NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
   - CVE-2022-40307: Fixed a race condition that could had been exploited to
     trigger a use-after-free in the efi firmware capsule-loader.c
     (bsc#1203322).
   - CVE-2022-3176: Fixed a use-after-free in io_uring related to
     signalfd_poll() and binder_poll() (bsc#1203391).
   - CVE-2022-3625: Fixed a user-after-free vulnerability in
     devlink_param_set/devlink_param_get of the file net/core/devlink.c
     (bsc#1204637).
   - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file
     drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417).
   - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file
     drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
   - CVE-2022-39189: Fixed an issue were an unprivileged guest users can
     compromise the guest kernel because TLB flush operations were mishandled
     in certain KVM_VCPU_PREEMPTED situations (bsc#1203066).
   - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of
     drivers/hid/hid-bigbenff.c (bsc#1204470).
   - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file
     net/kcm/kcmsock.c (bsc#1204355).
   - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem,
     when attempting to set a SynIC IRQ (bsc#1200788).
   - CVE-2022-2978: Fixed a use-after-free in the NILFS file system
     (bsc#1202700).

   The following non-security bugs were fixed:

   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017).
   - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected
     (bsc#1204017).
   - Drivers: hv: vmbus: Always handle the VMBus messages on CPU0
     (bsc#1204017).
   - Drivers: hv: vmbus: Do not bind the offer&rescind works to a specific
     CPU (bsc#1204017).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
   - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
     (git-fixes).
   - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
     (bsc#1204017).
   - Drivers: hv: vmbus: Replace the per-CPU channel lists with a global
     array of channels (bsc#1204017).
   - Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling
     vs. channel removal (bsc#1204017).
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
     (git-fixes).
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
     (bsc#1204446).
   - PCI: hv: Add hibernation support (bsc#1204446).
   - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
     topology (bsc#1199365).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix hibernation in case interrupts are not re-created
     (bsc#1204446).
   - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
   - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
   - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017, bsc#1203860).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Make the code arch neutral by adding arch specific interfaces
     (bsc#1200845).
   - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
   - PCI: hv: Prepare hv_compose_msi_msg() for the
     VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017).
   - PCI: hv: Remove bus device removal unused refcount/functions
     (bsc#1204446).
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Support for create interrupt v3 (bsc#1204446).
   - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors     (bsc#1204446).
   - PCI: hv: Use struct_size() helper (bsc#1204446).
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053
     bsc#1201725).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Add the support of hibernation (bsc#1204017).
   - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
   - hv_netvsc: Cache the current data path to avoid duplicate call and
     message (bsc#1204017).
   - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
   - hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850).
   - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (bsc#1204850).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (bsc#1204017).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
     (bsc#1204017).
   - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive()
     (bsc#1204017).
   - hv_netvsc: Switch the data path at the right time during hibernation
     (bsc#1204850).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
     (bsc#1204575).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: mana: Add rmb after checking owner bits (git-fixes).
   - net: netvsc: remove break after return (git-fixes).
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
     (bsc#1204017).
   - scsi: storvsc: Fix validation for unsolicited incoming packets
     (bsc#1204017).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
     (bsc#1204017).
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
     (git-fixes).
   - xfs: reserve data and rt quota at the same time (bsc#1203496).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2022-4614=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.109.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.109.1
      dlm-kmp-rt-4.12.14-10.109.1
      dlm-kmp-rt-debuginfo-4.12.14-10.109.1
      gfs2-kmp-rt-4.12.14-10.109.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.109.1
      kernel-rt-4.12.14-10.109.1
      kernel-rt-base-4.12.14-10.109.1
      kernel-rt-base-debuginfo-4.12.14-10.109.1
      kernel-rt-debuginfo-4.12.14-10.109.1
      kernel-rt-debugsource-4.12.14-10.109.1
      kernel-rt-devel-4.12.14-10.109.1
      kernel-rt-devel-debuginfo-4.12.14-10.109.1
      kernel-rt_debug-4.12.14-10.109.1
      kernel-rt_debug-debuginfo-4.12.14-10.109.1
      kernel-rt_debug-debugsource-4.12.14-10.109.1
      kernel-rt_debug-devel-4.12.14-10.109.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.109.1
      kernel-syms-rt-4.12.14-10.109.1
      ocfs2-kmp-rt-4.12.14-10.109.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.109.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.109.1
      kernel-source-rt-4.12.14-10.109.1


References:

   https://www.suse.com/security/cve/CVE-2021-4037.html
   https://www.suse.com/security/cve/CVE-2022-2153.html
   https://www.suse.com/security/cve/CVE-2022-2602.html
   https://www.suse.com/security/cve/CVE-2022-28693.html
   https://www.suse.com/security/cve/CVE-2022-28748.html
   https://www.suse.com/security/cve/CVE-2022-2964.html
   https://www.suse.com/security/cve/CVE-2022-2978.html
   https://www.suse.com/security/cve/CVE-2022-3169.html
   https://www.suse.com/security/cve/CVE-2022-3176.html
   https://www.suse.com/security/cve/CVE-2022-3521.html
   https://www.suse.com/security/cve/CVE-2022-3524.html
   https://www.suse.com/security/cve/CVE-2022-3535.html
   https://www.suse.com/security/cve/CVE-2022-3542.html
   https://www.suse.com/security/cve/CVE-2022-3545.html
   https://www.suse.com/security/cve/CVE-2022-3565.html
   https://www.suse.com/security/cve/CVE-2022-3567.html
   https://www.suse.com/security/cve/CVE-2022-3577.html
   https://www.suse.com/security/cve/CVE-2022-3586.html
   https://www.suse.com/security/cve/CVE-2022-3594.html
   https://www.suse.com/security/cve/CVE-2022-3621.html
   https://www.suse.com/security/cve/CVE-2022-3625.html
   https://www.suse.com/security/cve/CVE-2022-3628.html
   https://www.suse.com/security/cve/CVE-2022-3629.html
   https://www.suse.com/security/cve/CVE-2022-3635.html
   https://www.suse.com/security/cve/CVE-2022-3646.html
   https://www.suse.com/security/cve/CVE-2022-3649.html
   https://www.suse.com/security/cve/CVE-2022-3707.html
   https://www.suse.com/security/cve/CVE-2022-3903.html
   https://www.suse.com/security/cve/CVE-2022-39189.html
   https://www.suse.com/security/cve/CVE-2022-40307.html
   https://www.suse.com/security/cve/CVE-2022-40768.html
   https://www.suse.com/security/cve/CVE-2022-4095.html
   https://www.suse.com/security/cve/CVE-2022-4129.html
   https://www.suse.com/security/cve/CVE-2022-4139.html
   https://www.suse.com/security/cve/CVE-2022-41850.html
   https://www.suse.com/security/cve/CVE-2022-41858.html
   https://www.suse.com/security/cve/CVE-2022-42703.html
   https://www.suse.com/security/cve/CVE-2022-42895.html
   https://www.suse.com/security/cve/CVE-2022-42896.html
   https://www.suse.com/security/cve/CVE-2022-43750.html
   https://www.suse.com/security/cve/CVE-2022-4378.html
   https://www.suse.com/security/cve/CVE-2022-43945.html
   https://www.suse.com/security/cve/CVE-2022-45934.html
   https://bugzilla.suse.com/1198702
   https://bugzilla.suse.com/1199365
   https://bugzilla.suse.com/1200845
   https://bugzilla.suse.com/1201725
   https://bugzilla.suse.com/1202686
   https://bugzilla.suse.com/1202700
   https://bugzilla.suse.com/1203008
   https://bugzilla.suse.com/1203066
   https://bugzilla.suse.com/1203067
   https://bugzilla.suse.com/1203322
   https://bugzilla.suse.com/1203391
   https://bugzilla.suse.com/1203496
   https://bugzilla.suse.com/1203514
   https://bugzilla.suse.com/1203860
   https://bugzilla.suse.com/1203960
   https://bugzilla.suse.com/1204017
   https://bugzilla.suse.com/1204053
   https://bugzilla.suse.com/1204168
   https://bugzilla.suse.com/1204170
   https://bugzilla.suse.com/1204354
   https://bugzilla.suse.com/1204355
   https://bugzilla.suse.com/1204402
   https://bugzilla.suse.com/1204414
   https://bugzilla.suse.com/1204415
   https://bugzilla.suse.com/1204417
   https://bugzilla.suse.com/1204424
   https://bugzilla.suse.com/1204431
   https://bugzilla.suse.com/1204432
   https://bugzilla.suse.com/1204439
   https://bugzilla.suse.com/1204446
   https://bugzilla.suse.com/1204470
   https://bugzilla.suse.com/1204479
   https://bugzilla.suse.com/1204486
   https://bugzilla.suse.com/1204574
   https://bugzilla.suse.com/1204575
   https://bugzilla.suse.com/1204576
   https://bugzilla.suse.com/1204631
   https://bugzilla.suse.com/1204635
   https://bugzilla.suse.com/1204636
   https://bugzilla.suse.com/1204637
   https://bugzilla.suse.com/1204646
   https://bugzilla.suse.com/1204647
   https://bugzilla.suse.com/1204653
   https://bugzilla.suse.com/1204780
   https://bugzilla.suse.com/1204850
   https://bugzilla.suse.com/1205128
   https://bugzilla.suse.com/1205130
   https://bugzilla.suse.com/1205220
   https://bugzilla.suse.com/1205473
   https://bugzilla.suse.com/1205514
   https://bugzilla.suse.com/1205617
   https://bugzilla.suse.com/1205671
   https://bugzilla.suse.com/1205700
   https://bugzilla.suse.com/1205705
   https://bugzilla.suse.com/1205709
   https://bugzilla.suse.com/1205711
   https://bugzilla.suse.com/1205796
   https://bugzilla.suse.com/1206207
   https://bugzilla.suse.com/1206228

SUSE: 2022:4614-1 important: the Linux Kernel

December 23, 2022
An update that solves 43 vulnerabilities and has 16 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1204017). - Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 (bsc#1204017). - Drivers: hv: vmbus: Do not bind the offer&rescind works to a specific CPU (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1204017). - Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels (bsc#1204017). - Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add hibernation support (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hibernation in case interrupts are not re-created (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add the support of hibernation (bsc#1204017). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850). - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Switch the data path at the right time during hibernation (bsc#1204850). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: netvsc: remove break after return (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496).

References

#1198702 #1199365 #1200845 #1201725 #1202686

#1202700 #1203008 #1203066 #1203067 #1203322

#1203391 #1203496 #1203514 #1203860 #1203960

#1204017 #1204053 #1204168 #1204170 #1204354

#1204355 #1204402 #1204414 #1204415 #1204417

#1204424 #1204431 #1204432 #1204439 #1204446

#1204470 #1204479 #1204486 #1204574 #1204575

#1204576 #1204631 #1204635 #1204636 #1204637

#1204646 #1204647 #1204653 #1204780 #1204850

#1205128 #1205130 #1205220 #1205473 #1205514

#1205617 #1205671 #1205700 #1205705 #1205709

#1205711 #1205796 #1206207 #1206228

Cross- CVE-2021-4037 CVE-2022-2153 CVE-2022-2602

CVE-2022-28693 CVE-2022-28748 CVE-2022-2964

CVE-2022-2978 CVE-2022-3169 CVE-2022-3176

CVE-2022-3521 CVE-2022-3524 CVE-2022-3535

CVE-2022-3542 CVE-2022-3545 CVE-2022-3565

CVE-2022-3567 CVE-2022-3577 CVE-2022-3586

CVE-2022-3594 CVE-2022-3621 CVE-2022-3625

CVE-2022-3628 CVE-2022-3629 CVE-2022-3635

CVE-2022-3646 CVE-2022-3649 CVE-2022-3707

CVE-2022-3903 CVE-2022-39189 CVE-2022-40307

CVE-2022-40768 CVE-2022-4095 CVE-2022-4129

CVE-2022-4139 CVE-2022-41850 CVE-2022-41858

CVE-2022-42703 CVE-2022-42895 CVE-2022-42896

CVE-2022-43750 CVE-2022-4378 CVE-2022-43945

CVE-2022-45934

CVSS scores:

CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

SUSE Linux Enterprise Real Time Extension 12-SP5

https://www.suse.com/security/cve/CVE-2021-4037.html

https://www.suse.com/security/cve/CVE-2022-2153.html

https://www.suse.com/security/cve/CVE-2022-2602.html

https://www.suse.com/security/cve/CVE-2022-28693.html

https://www.suse.com/security/cve/CVE-2022-28748.html

https://www.suse.com/security/cve/CVE-2022-2964.html

https://www.suse.com/security/cve/CVE-2022-2978.html

https://www.suse.com/security/cve/CVE-2022-3169.html

https://www.suse.com/security/cve/CVE-2022-3176.html

https://www.suse.com/security/cve/CVE-2022-3521.html

https://www.suse.com/security/cve/CVE-2022-3524.html

https://www.suse.com/security/cve/CVE-2022-3535.html

https://www.suse.com/security/cve/CVE-2022-3542.html

https://www.suse.com/security/cve/CVE-2022-3545.html

https://www.suse.com/security/cve/CVE-2022-3565.html

https://www.suse.com/security/cve/CVE-2022-3567.html

https://www.suse.com/security/cve/CVE-2022-3577.html

https://www.suse.com/security/cve/CVE-2022-3586.html

https://www.suse.com/security/cve/CVE-2022-3594.html

https://www.suse.com/security/cve/CVE-2022-3621.html

https://www.suse.com/security/cve/CVE-2022-3625.html

https://www.suse.com/security/cve/CVE-2022-3628.html

https://www.suse.com/security/cve/CVE-2022-3629.html

https://www.suse.com/security/cve/CVE-2022-3635.html

https://www.suse.com/security/cve/CVE-2022-3646.html

https://www.suse.com/security/cve/CVE-2022-3649.html

https://www.suse.com/security/cve/CVE-2022-3707.html

https://www.suse.com/security/cve/CVE-2022-3903.html

https://www.suse.com/security/cve/CVE-2022-39189.html

https://www.suse.com/security/cve/CVE-2022-40307.html

https://www.suse.com/security/cve/CVE-2022-40768.html

https://www.suse.com/security/cve/CVE-2022-4095.html

https://www.suse.com/security/cve/CVE-2022-4129.html

https://www.suse.com/security/cve/CVE-2022-4139.html

https://www.suse.com/security/cve/CVE-2022-41850.html

https://www.suse.com/security/cve/CVE-2022-41858.html

https://www.suse.com/security/cve/CVE-2022-42703.html

https://www.suse.com/security/cve/CVE-2022-42895.html

https://www.suse.com/security/cve/CVE-2022-42896.html

https://www.suse.com/security/cve/CVE-2022-43750.html

https://www.suse.com/security/cve/CVE-2022-4378.html

https://www.suse.com/security/cve/CVE-2022-43945.html

https://www.suse.com/security/cve/CVE-2022-45934.html

https://bugzilla.suse.com/1198702

https://bugzilla.suse.com/1199365

https://bugzilla.suse.com/1200845

https://bugzilla.suse.com/1201725

https://bugzilla.suse.com/1202686

https://bugzilla.suse.com/1202700

https://bugzilla.suse.com/1203008

https://bugzilla.suse.com/1203066

https://bugzilla.suse.com/1203067

https://bugzilla.suse.com/1203322

https://bugzilla.suse.com/1203391

https://bugzilla.suse.com/1203496

https://bugzilla.suse.com/1203514

https://bugzilla.suse.com/1203860

https://bugzilla.suse.com/1203960

https://bugzilla.suse.com/1204017

https://bugzilla.suse.com/1204053

https://bugzilla.suse.com/1204168

https://bugzilla.suse.com/1204170

https://bugzilla.suse.com/1204354

https://bugzilla.suse.com/1204355

https://bugzilla.suse.com/1204402

https://bugzilla.suse.com/1204414

https://bugzilla.suse.com/1204415

https://bugzilla.suse.com/1204417

https://bugzilla.suse.com/1204424

https://bugzilla.suse.com/1204431

https://bugzilla.suse.com/1204432

https://bugzilla.suse.com/1204439

https://bugzilla.suse.com/1204446

https://bugzilla.suse.com/1204470

https://bugzilla.suse.com/1204479

https://bugzilla.suse.com/1204486

https://bugzilla.suse.com/1204574

https://bugzilla.suse.com/1204575

https://bugzilla.suse.com/1204576

https://bugzilla.suse.com/1204631

https://bugzilla.suse.com/1204635

https://bugzilla.suse.com/1204636

https://bugzilla.suse.com/1204637

https://bugzilla.suse.com/1204646

https://bugzilla.suse.com/1204647

https://bugzilla.suse.com/1204653

https://bugzilla.suse.com/1204780

https://bugzilla.suse.com/1204850

https://bugzilla.suse.com/1205128

https://bugzilla.suse.com/1205130

https://bugzilla.suse.com/1205220

https://bugzilla.suse.com/1205473

https://bugzilla.suse.com/1205514

https://bugzilla.suse.com/1205617

https://bugzilla.suse.com/1205671

https://bugzilla.suse.com/1205700

https://bugzilla.suse.com/1205705

https://bugzilla.suse.com/1205709

https://bugzilla.suse.com/1205711

https://bugzilla.suse.com/1205796

https://bugzilla.suse.com/1206207

https://bugzilla.suse.com/1206228

Severity
Announcement ID: SUSE-SU-2022:4614-1
Rating: important

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved