Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
100
security advisorycritical fixinformation disclosureSUSE Linux Enterprise: 2022 Security Update Critical for RT Kernel
An update that solves 6 vulnerabilities and has 11 fixes is now available. . SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0544-1 Rating: critical References: #1177599 #1183405 #1185377 #1187428 #1188605 #1193096 #1193506 #1193861 #1193864 #1193867 #1194048 #1194227 #1194880 #1195009 #1195065 #1195184 #1195254 Cross-References: CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-45095 CVE-2022-0330 CVE-2022-22942 CVSS scores: CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixedrefcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-544=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-544=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-73.1 cluster-md-kmp-rt-debuginfo-5.3.18-73.1 dlm-kmp-rt-5.3.18-73.1 dlm-kmp-rt-debuginfo-5.3.18-73.1 gfs2-kmp-rt-5.3.18-73.1 gfs2-kmp-rt-debuginfo-5.3.18-73.1 kernel-rt-5.3.18-73.1 kernel-rt-debuginfo-5.3.18-73.1 kernel-rt-debugsource-5.3.18-73.1 kernel-rt-devel-5.3.18-73.1 kernel-rt-devel-debuginfo-5.3.18-73.1 kernel-rt_debug-5.3.18-73.1 kernel-rt_debug-debuginfo-5.3.18-73.1 kernel-rt_debug-debugsource-5.3.18-73.1 kernel-rt_debug-devel-5.3.18-73.1 kernel-rt_debug-devel-debuginfo-5.3.18-73.1 kernel-syms-rt-5.3.18-73.1 ocfs2-kmp-rt-5.3.18-73.1 ocfs2-kmp-rt-debuginfo-5.3.18-73.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-73.1 kernel-source-rt-5.3.18-73.1 - SUSE Linux Enterprise Micro 5.0 (x86_64): kernel-rt-5.3.18-73.1 kernel-rt-debuginfo-5.3.18-73.1 kernel-rt-debugsource-5.3.18-73.1 References: https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 . Critical update for SUSE Linux Enterprise RT Kernel resolves multiple security flaws necessitating system reboot for stability.. SUSE Linux Enterprise, RT Kernel, Critical Update, Security Issues, System Stability. . Severity: Critical. LinuxSecurity.com Team
Feb 21, 2022
•Critical
SuSE
100
security advisorycriticalrace conditionSUSE: 2022:0463-1 Critical: Linux Kernel Live Patch Improves Security
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0463-1 Rating: critical References: #1194460 #1194533 #1195308 Cross-References: CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_24 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand canpotentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-461=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-462=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-463=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-464=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-460=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_10-default-9-150300.2.2 kernel-livepatch-5_3_18-59_10-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-59_24-default-5-150300.2.2 kernel-livepatch-5_3_18-59_24-default-debuginfo-5-150300.2.2 kernel-livepatch-5_3_18-59_27-default-5-150300.2.2 kernel-livepatch-5_3_18-59_27-default-debuginfo-5-150300.2.2 kernel-livepatch-5_3_18-59_5-default-9-150300.2.2 kernel-livepatch-5_3_18-59_5-default-debuginfo-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_1-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_2-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_6-debugsource-5-150300.2.2 kernel-livepatch-SLE15-SP3_Update_7-debugsource-5-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_52-default-14-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-14-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-14-2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1194533 https://bugzilla.suse.com/1195308 . Urgent Debian security patch rectifies major flaws in the Linux Kernel. Discover specifics on vulnerabilities and corrective measures.. Linux Kernel Patching, SUSE Security Update, Race Condition Fixes, Remote Overflow Vulnerabilities, Live Patching Methods. . Severity: Critical. LinuxSecurity.com Team
Feb 17, 2022
•Critical
SuSE
100
security advisorycriticalkernel patchSUSE 15 SP3: 2022:0456-1 Urgent Fix: Kernel Live Update
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0436-1 Rating: critical References: #1194460 #1195308 Cross-References: CVE-2021-4083 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_40 fixes several issues. The following security issues were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-436=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390xx86_64): kernel-livepatch-5_3_18-59_40-default-3-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-3-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1195308 . Red Hat Security Update resolves significant vulnerabilities in the Linux Kernel for RHEL 8 with essential patches issued immediately.. Linux Kernel Update,SUSE Security Patch,Live Patching,Remote Overflow Fix. . Severity: Critical. LinuxSecurity.com Team
Feb 16, 2022
•Critical
SuSE
100
security advisorycriticalrace conditionSUSE: 2022:0418-1 Critical: Live Kernel Patch for Security Issues
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0418-1 Rating: critical References: #1194460 #1194533 #1195308 Cross-References: CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-430=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-431=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-432=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-433=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-434=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-435=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-418=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-419=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-420=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-421=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-422=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-423=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-424=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-425=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-426=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-427=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-428=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -tpatch SUSE-SLE-Module-Live-Patching-15-SP1-2022-412=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-413=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-414=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-415=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-416=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-417=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-407=1 SUSE-SLE-Module-Live-Patching-15-2022-408=1 SUSE-SLE-Module-Live-Patching-15-2022-409=1 SUSE-SLE-Module-Live-Patching-15-2022-410=1 SUSE-SLE-Module-Live-Patching-15-2022-411=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-395=1 SUSE-SLE-Live-Patching-12-SP5-2022-396=1 SUSE-SLE-Live-Patching-12-SP5-2022-397=1 SUSE-SLE-Live-Patching-12-SP5-2022-398=1 SUSE-SLE-Live-Patching-12-SP5-2022-399=1 SUSE-SLE-Live-Patching-12-SP5-2022-400=1 SUSE-SLE-Live-Patching-12-SP5-2022-401=1 SUSE-SLE-Live-Patching-12-SP5-2022-402=1 SUSE-SLE-Live-Patching-12-SP5-2022-403=1 SUSE-SLE-Live-Patching-12-SP5-2022-404=1 SUSE-SLE-Live-Patching-12-SP5-2022-405=1 SUSE-SLE-Live-Patching-12-SP5-2022-406=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-389=1 SUSE-SLE-Live-Patching-12-SP4-2022-390=1 SUSE-SLE-Live-Patching-12-SP4-2022-391=1 SUSE-SLE-Live-Patching-12-SP4-2022-392=1 SUSE-SLE-Live-Patching-12-SP4-2022-393=1 SUSE-SLE-Live-Patching-12-SP4-2022-394=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-11-3.2 kernel-livepatch-5_3_18-57-default-debuginfo-11-3.2 kernel-livepatch-5_3_18-59_13-default-9-150300.2.2 kernel-livepatch-5_3_18-59_13-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-59_16-default-8-150300.2.2 kernel-livepatch-5_3_18-59_16-default-debuginfo-8-150300.2.2 kernel-livepatch-5_3_18-59_19-default-7-150300.2.2 kernel-livepatch-5_3_18-59_19-default-debuginfo-7-150300.2.2 kernel-livepatch-5_3_18-59_34-default-4-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-4-150300.2.2 kernel-livepatch-5_3_18-59_37-default-3-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-3-150300.2.2 kernel-livepatch-SLE15-SP3_Update_0-debugsource-11-3.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-3-150300.2.2 kernel-livepatch-SLE15-SP3_Update_3-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_4-debugsource-8-150300.2.2 kernel-livepatch-SLE15-SP3_Update_5-debugsource-7-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-4-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_53_4-default-9-2.2 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_61-default-11-2.2 kernel-livepatch-5_3_18-24_61-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_64-default-11-2.2 kernel-livepatch-5_3_18-24_64-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_67-default-9-2.2 kernel-livepatch-5_3_18-24_67-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_70-default-9-2.2 kernel-livepatch-5_3_18-24_70-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_75-default-8-2.2 kernel-livepatch-5_3_18-24_75-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_78-default-7-2.2 kernel-livepatch-5_3_18-24_78-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_83-default-5-2.2 kernel-livepatch-5_3_18-24_83-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_86-default-5-2.2 kernel-livepatch-5_3_18-24_86-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_93-default-4-2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_96-default-3-2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-3-2.2 kernel-livepatch-SLE15-SP2_Update_12-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_13-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_14-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_15-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_16-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_17-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_18-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_19-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_20-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-4-2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-3-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-3-2.2 kernel-livepatch-4_12_14-197_83-default-15-2.2 kernel-livepatch-4_12_14-197_86-default-14-2.2 kernel-livepatch-4_12_14-197_89-default-11-2.2 kernel-livepatch-4_12_14-197_92-default-10-2.2 kernel-livepatch-4_12_14-197_99-default-8-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_66-default-15-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-15-2.2 kernel-livepatch-4_12_14-150_69-default-14-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-14-2.2 kernel-livepatch-4_12_14-150_72-default-11-2.2 kernel-livepatch-4_12_14-150_72-default-debuginfo-11-2.2 kernel-livepatch-4_12_14-150_75-default-8-2.2 kernel-livepatch-4_12_14-150_75-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_78-default-3-2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-3-2.2 kgraft-patch-4_12_14-122_106-default-2-2.2 kgraft-patch-4_12_14-122_63-default-14-2.2 kgraft-patch-4_12_14-122_66-default-12-2.2 kgraft-patch-4_12_14-122_71-default-11-2.2 kgraft-patch-4_12_14-122_74-default-9-2.2 kgraft-patch-4_12_14-122_77-default-9-2.2 kgraft-patch-4_12_14-122_80-default-8-2.2 kgraft-patch-4_12_14-122_83-default-7-2.2 kgraft-patch-4_12_14-122_88-default-5-2.2 kgraft-patch-4_12_14-122_91-default-5-2.2 kgraft-patch-4_12_14-122_98-default-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_68-default-15-2.2 kgraft-patch-4_12_14-95_71-default-14-2.2 kgraft-patch-4_12_14-95_74-default-11-2.2 kgraft-patch-4_12_14-95_77-default-10-2.2 kgraft-patch-4_12_14-95_80-default-8-2.2 kgraft-patch-4_12_14-95_83-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1194533 https://bugzilla.suse.com/1195308 . Urgent patch for the Linux Core resolves various vulnerabilities. Implement updates to boost protection immediately.. Linux Kernel Update, SUSE Security Fixes, Live Patching, Critical Fix. . Severity: Critical. LinuxSecurity.com Team
Feb 16, 2022
•Critical
SuSE
100
security advisorycriticalSUSE LinuxSUSE: 2022:0429-1 Critical: Linux Kernel Live Patch Remote Overflow
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0429-1 Rating: critical References: #1195308 Cross-References: CVE-2022-0435 CVSS scores: CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_46 fixes one issue. The following security issue was fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-437=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-438=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patchSUSE-SLE-Module-Live-Patching-15-SP2-2022-429=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-2-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_99-default-2-2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-2-2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-2-2.2 References: https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1195308 . Important SUSE Security Patch for Linux Kernel addresses a remote buffer overflow vulnerability in Live Patch 13 for SLE 15 SP3.. SUSE Linux Kernel, Live Patching, Remote Overflow, Security Update, Critical Severity. . Severity: Critical. LinuxSecurity.com Team
Feb 16, 2022
•Critical
SuSE
100
security advisorykernel updatememory corruptionSUSE: SUSE-SU-2022:0372-1 Critical Note: Kernel Update Threat
An update that solves 13 vulnerabilities and has 28 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0372-1 Rating: critical References: #1065729 #1071995 #1082555 #1163405 #1177599 #1183405 #1184209 #1186207 #1186222 #1187428 #1187723 #1188605 #1190973 #1192729 #1193096 #1193234 #1193235 #1193242 #1193507 #1193660 #1193727 #1193767 #1193861 #1193864 #1193927 #1194027 #1194227 #1194302 #1194410 #1194493 #1194516 #1194529 #1194814 #1194880 #1194888 #1194965 #1194985 #1195065 #1195073 #1195254 #1195272 Cross-References: CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4083 CVE-2021-4135 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 28 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler ofufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). The following non-security bugs were fixed: - KVM: remember position in kvm-> vcpus array (bsc#1190973). - KVM: s390: index kvm-> arch.idle_mask by vcpu_idx (bsc#1190973). - SUNRPC: Add basic load balancing to the transport switch - kabi fix. (bnc#1192729). - SUNRPC: Add basic load balancing to the transport switch. (bnc#1192729) - SUNRPC: Fix initialisation of struct rpc_xprt_switch (bnc#1192729). - SUNRPC: Optimise transport balancing code (bnc#1192729). - SUNRPC: Replace division by multiplication in calculation of queue length (bnc#1192729). - SUNRPC: Skip zero-refcount transports (bnc#1192729). - USB: serial: option: add Telit FN990 compositions (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195272). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Set needed_headroomaccording to VF (bsc#1193507). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init -> running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused -> wait_capability (bsc#1195073 ltc#195713). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190973). - kabi: mask new member "empty" of struct Qdisc (bsc#1183405). - kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - mm/hwpoison: do not lock page again when me_huge_page() successfully recovers (bsc#1194814). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193507). - net/sched: annotate lockless accesses to qdisc-> empty (bsc#1183405). - net/sched: fix race between deactivation and dequeue for NOLOCK qdisc (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bsc#1183405). - net: Using proper atomic helper (bsc#1186222). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: caif: avoid using qdisc_qlen() (bsc#1183405). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: dev: introduce support for sch BYPASS for lockless qdisc (bsc#1183405). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: Avoid using yield() in a busy waiting loop (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). -net: sched: add empty status flag for NOLOCK qdisc (bsc#1183405). - net: sched: always do stats accounting according to TCQ_F_CPUSTATS (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: prefer qdisc_is_empty() over direct qlen access (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too (bsc#1183405). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nfs: do not dirty kernel pages read by direct-io (bsc#1194410). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: return BLK_STS_TRANSPORT unless DNR for NVME_SC_NS_NOT_READY (bsc#1163405). - of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729). - of: Add device_type access helper functions (bsc#1065729). - of: Fix cpu node iterator to not ignore disabled cpu nodes (bsc#1065729). - of: Fix property name in of_node_get_device_type (bsc#1065729). - of: add node name compare helper functions (bsc#1065729). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignoreibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - s390/cio: make ccw_device_dma_* more robust (bsc#1193242). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193234). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - tpm: Check for integer overflow in tpm2_map_response_body() (bsc#1082555). - tpm: add request_locality before write TPM_INT_ENABLE (bsc#1082555). - tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - virtio: write back F_VERSION_1 before validate (bsc#1193235). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-372=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.88.1 kernel-azure-base-4.12.14-16.88.1 kernel-azure-base-debuginfo-4.12.14-16.88.1 kernel-azure-debuginfo-4.12.14-16.88.1 kernel-azure-debugsource-4.12.14-16.88.1 kernel-azure-devel-4.12.14-16.88.1 kernel-syms-azure-4.12.14-16.88.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.88.1 kernel-source-azure-4.12.14-16.88.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1163405 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1190973 https://bugzilla.suse.com/1192729 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193234 https://bugzilla.suse.com/1193235 https://bugzilla.suse.com/1193242 https://bugzilla.suse.com/1193507 https://bugzilla.suse.com/1193660 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194027 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194410 https://bugzilla.suse.com/1194493 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194814 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194965 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195272 . Essential patches address several security flaws in the SUSE Linux Kernel. Make sure to implement these updates for maintaining system stability.. SUSE Linux Kernel Update, Security Patch, Critical Kernel Fix, Critical Fixes, Vulnerability Resolutions. . Severity: Critical. LinuxSecurity.com Team
Feb 11, 2022
•Critical
SuSE
100
security advisoryinformation leakcriticalSUSE Linux 15-SP3: 2022:0370-1 Critical: Kernel Security Update
An update that solves 11 vulnerabilities and has 29 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0370-1 Rating: critical References: #1154353 #1154488 #1156395 #1160634 #1176447 #1177599 #1183405 #1185377 #1187428 #1187723 #1188605 #1191881 #1193096 #1193506 #1193767 #1193802 #1193861 #1193864 #1193867 #1194048 #1194227 #1194291 #1194880 #1195009 #1195062 #1195065 #1195073 #1195183 #1195184 #1195254 #1195267 #1195293 #1195371 #1195476 #1195477 #1195478 #1195479 #1195480 #1195481 #1195482 Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to localdenial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upperlimit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) -RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-freeissue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init -> running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused -> wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize withFW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). -net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns-> ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fixpotential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty:n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-370=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-370=1 - SUSE Linux Enterprise Module for LegacySoftware 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-370=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-370=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-370=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-370=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-370=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 kernel-default-extra-5.3.18-150300.59.49.1 kernel-default-extra-debuginfo-5.3.18-150300.59.49.1 kernel-preempt-debuginfo-5.3.18-150300.59.49.1 kernel-preempt-debugsource-5.3.18-150300.59.49.1 kernel-preempt-extra-5.3.18-150300.59.49.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 kernel-default-livepatch-5.3.18-150300.59.49.1 kernel-default-livepatch-devel-5.3.18-150300.59.49.1 kernel-livepatch-5_3_18-150300_59_49-default-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 reiserfs-kmp-default-5.3.18-150300.59.49.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.49.1 kernel-obs-build-debugsource-5.3.18-150300.59.49.1 kernel-syms-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Modulefor Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.49.1 kernel-preempt-debugsource-5.3.18-150300.59.49.1 kernel-preempt-devel-5.3.18-150300.59.49.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.49.1 kernel-source-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.49.1 kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1 kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 kernel-default-devel-5.3.18-150300.59.49.1 kernel-default-devel-debuginfo-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.49.1 kernel-preempt-debuginfo-5.3.18-150300.59.49.1 kernel-preempt-debugsource-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.49.1 kernel-64kb-debuginfo-5.3.18-150300.59.49.1 kernel-64kb-debugsource-5.3.18-150300.59.49.1 kernel-64kb-devel-5.3.18-150300.59.49.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.49.1 kernel-macros-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.49.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.49.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.49.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.49.1 kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1 kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 - SUSE LinuxEnterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.49.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.49.1 dlm-kmp-default-5.3.18-150300.59.49.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.49.1 gfs2-kmp-default-5.3.18-150300.59.49.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debuginfo-5.3.18-150300.59.49.1 kernel-default-debugsource-5.3.18-150300.59.49.1 ocfs2-kmp-default-5.3.18-150300.59.49.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-39685.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0286.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1191881 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193802 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194291 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195062 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195183 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195267 https://bugzilla.suse.com/1195293 https://bugzilla.suse.com/1195371 https://bugzilla.suse.com/1195476 https://bugzilla.suse.com/1195477 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195479 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195481 https://bugzilla.suse.com/1195482 . Recent SUSE security patch mitigates severe weaknesses within the Linux Kernel. A system reboot is required after installation.. SUSE Linux Kernel Security, Critical Patch Update, Security Flaw Resolution. . Severity: Critical. LinuxSecurity.com Team
Feb 11, 2022
•Critical
SuSE
197
security advisorydenial of serviceinformation leakDebian 10: DLA-3178-2 Critical: NetworkManager Remote Buffer Issues
A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2552-1
Feb 09, 2021
•Critical
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!