SUSE-SU-2022:1407-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Apr 26 16:19:38 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1407-1
Rating:             important
References:         #1065729 #1156395 #1175667 #1177028 #1178134 
                    #1179639 #1180153 #1189562 #1194625 #1194649 
                    #1195640 #1195926 #1196018 #1196196 #1196478 
                    #1196761 #1196823 #1197227 #1197243 #1197300 
                    #1197302 #1197331 #1197343 #1197366 #1197389 
                    #1197462 #1197501 #1197534 #1197661 #1197675 
                    #1197677 #1197702 #1197811 #1197812 #1197815 
                    #1197817 #1197819 #1197820 #1197888 #1197889 
                    #1197894 #1198027 #1198028 #1198029 #1198030 
                    #1198031 #1198032 #1198033 #1198077 
Cross-References:   CVE-2021-45868 CVE-2022-0850 CVE-2022-0854
                    CVE-2022-1011 CVE-2022-1016 CVE-2022-1048
                    CVE-2022-1055 CVE-2022-1195 CVE-2022-1198
                    CVE-2022-1199 CVE-2022-1205 CVE-2022-27666
                    CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
                   
CVSS scores:
                    CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 34 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels
     DMA subsystem. This flaw allowed a local user to read random memory from
     the kernel space. (bnc#1196823)
   - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
     netfilter subsystem. This vulnerability gives an attacker a powerful
     primitive that can be used to both read from and write to relative stack
     data, which can lead to arbitrary code execution. (bsc#1197227)
   - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities
     that allow an attacker to crash the linux kernel by simulating Amateur
     Radio. (bsc#1198028)
   - CVE-2022-1205: Fixed null pointer dereference and use-after-free
     vulnerabilities that allow an attacker to crash the linux kernel by
     simulating Amateur Radio. (bsc#1198027)
   - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an
     attacker to crash the linux kernel by simulating Amateur Radio
     (bsc#1198030).
   - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a
     local attacker with a user privilege to execute a denial of service.
     (bsc#1198029)
   - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c
     vulnerability in the Linux kernel. (bnc#1198031)
   - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c
     vulnerability in the Linux kernel. (bnc#1198032)
   - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c
     vulnerability in the Linux kernel. (bnc#1198033)
   - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to
     use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock.
     (bsc#1197331)
   - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow
     a local attacker to gain privilege escalation. (bnc#1197702)
   - CVE-2022-0850: Fixed a kernel information leak vulnerability in
     iov_iter.c. (bsc#1196761)
   - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP
     transformation code. This flaw allowed a local attacker with a normal
     user privilege to overwrite kernel heap objects and may cause a local
     privilege escalation. (bnc#1197462)
   - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
     which could lead to an use-after-free if there is a corrupted quota
     file. (bnc#1197366)
   - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
     local attacker to retireve (partial) /etc/shadow hashes or any other
     data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

   The following non-security bugs were fixed:

   - ACPI: APEI: fix return value of __setup handlers (git-fixes).
   - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
     (git-fixes).
   - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
     (git-fixes).
   - ACPI: docs: enumeration: Discourage to use custom _DSM methods
     (git-fixes).
   - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
   - ACPI: docs: enumeration: Update UART serial bus resource documentation
     (git-fixes).
   - ACPI: properties: Consistently return -ENOENT if there are no more
     references (git-fixes).
   - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
     (git-fixes).
   - ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
   - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
   - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
     (git-fixes).
   - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
     (git-fixes).
   - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
   - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
   - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
     (git-fixes).
   - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
   - ALSA: spi: Add check for clk_enable() (git-fixes).
   - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
     (git-fixes).
   - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
   - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
     (git-fixes).
   - ASoC: codecs: wcd934x: Add missing of_node_put() in
     wcd934x_codec_parse_data (git-fixes).
   - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
     (git-fixes).
   - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
     (git-fixes).
   - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
   - ASoC: fsi: Add check for clk_enable (git-fixes).
   - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
   - ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
     (git-fixes).
   - ASoC: msm8916-wcd-analog: Fix error handling in
     pm8916_wcd_analog_spmi_probe (git-fixes).
   - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
     msm8916_wcd_digital_probe (git-fixes).
   - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
   - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
   - ASoC: rt5663: check the return value of devm_kzalloc() in
     rt5663_parse_dp() (git-fixes).
   - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
   - ASoC: SOF: topology: remove redundant code (git-fixes).
   - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
   - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
   - ASoC: topology: Allow TLV control to be either read or write (git-fixes).
   - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
     (git-fixes).
   - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
   - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
   - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
     (bsc#1196018).
   - block: update io_ticks when io hang (bsc#1197817).
   - block/wbt: fix negative inflight counter when remove scsi device
     (bsc#1197819).
   - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
   - bpf: Remove config check to enable bpf support for branch records
     (git-fixes bsc#1177028).
   - btrfs: avoid unnecessary lock and leaf splits when updating inode in the
     log (bsc#1194649).
   - btrfs: avoid unnecessary log mutex contention when syncing log
     (bsc#1194649).
   - btrfs: avoid unnecessary logging of xattrs during fast fsyncs
     (bsc#1194649).
   - btrfs: check error value from btrfs_update_inode in tree log
     (bsc#1194649).
   - btrfs: check if a log root exists before locking the log_mutex on unlink
     (bsc#1194649).
   - btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
   - btrfs: do not commit delayed inode when logging a file in full sync mode
     (bsc#1194649).
   - btrfs: do not log new dentries when logging that a new name exists
     (bsc#1194649).
   - btrfs: eliminate some false positives when checking if inode was logged
     (bsc#1194649).
   - btrfs: fix race leading to unnecessary transaction commit when logging
     inode (bsc#1194649).
   - btrfs: fix race that causes unnecessary logging of ancestor inodes
     (bsc#1194649).
   - btrfs: fix race that makes inode logging fallback to transaction commit
     (bsc#1194649).
   - btrfs: fix race that results in logging old extents during a fast fsync
     (bsc#1194649).
   - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
   - btrfs: remove no longer needed full sync flag check at inode_logged()
     (bsc#1194649).
   - btrfs: Remove unnecessary check from join_running_log_trans
     (bsc#1194649).
   - btrfs: remove unnecessary directory inode item update when deleting dir
     entry (bsc#1194649).
   - btrfs: remove unnecessary list head initialization when syncing log
     (bsc#1194649).
   - btrfs: skip unnecessary searches for xattrs when logging an inode
     (bsc#1194649).
   - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
     path (git-fixes).
   - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
     path (git-fixes).
   - can: mcba_usb: properly check endpoint type (git-fixes).
   - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device
     when fully ready (git-fixes).
   - cifs: do not skip link targets when an I/O fails (bsc#1194625).
   - cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
   - clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
   - clk: bcm2835: Remove unused variable (git-fixes).
   - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
   - clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
   - clk: Initialize orphan req_rate (git-fixes).
   - clk: loongson1: Terminate clk_div_table with sentinel element
     (git-fixes).
   - clk: nxp: Remove unused variable (git-fixes).
   - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
     (git-fixes).
   - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
   - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
   - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
   - clk: tegra: tegra124-emc: Fix missing put_device() call in
     emc_ensure_emc_driver (git-fixes).
   - clk: uniphier: Fix fixed-rate initialization (git-fixes).
   - clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
   - clocksource/drivers/timer-of: Check return value of of_iomap in
     timer_of_base_init() (git-fixes).
   - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
   - crypto: authenc - Fix sleep in atomic context in decrypt_tail
     (git-fixes).
   - crypto: cavium/nitrox - do not cast parameter in bit operations
     (git-fixes).
   - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
   - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
   - crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
   - crypto: qat - do not cast parameter in bit operations (git-fixes).
   - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
     (git-fixes).
   - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
     (git-fixes).
   - crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
   - crypto: vmx - add missing dependencies (git-fixes).
   - dma/pool: create dma atomic pool only if dma zone has managed pages
     (bsc#1197501).
   - driver core: dd: fix return value of __setup handler (git-fixes).
   - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
   - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
     (git-fixes).
   - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq
     function (git-fixes).
   - drm/bridge: dw-hdmi: use safe format when first in bridge chain
     (git-fixes).
   - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
     (git-fixes).
   - drm/doc: overview before functions for drm_writeback.c (git-fixes).
   - drm/i915: Fix dbuf slice config lookup (git-fixes).
   - drm/i915/gem: add missing boundary check in vm_access (git-fixes).
   - drm/imx: parallel-display: Remove bus flags check in
     imx_pd_bridge_atomic_check() (git-fixes).
   - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
   - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
     (git-fixes).
   - drm/msm/dpu: add DSPP blocks teardown (git-fixes).
   - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
     (git-fixes).
   - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
   - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
   - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling
     (git-fixes).
   - drm/vrr: Set VRR capable prop only if it is attached to connector
     (git-fixes).
   - ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
   - ecryptfs: Fix typo in message (bsc#1197811).
   - ext2: correct max file size computing (bsc#1197820).
   - firmware: google: Properly state IOMEM dependency (git-fixes).
   - firmware: qcom: scm: Remove reassignment to desc following initializer
     (git-fixes).
   - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
   - HID: multitouch: fix Dell Precision 7550 and 7750 button type
     (bsc#1197243).
   - hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
   - hwmon: (pmbus) Add Vin unit off handling (git-fixes).
   - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
     (git-fixes).
   - hwrng: atmel - disable trng on failure path (git-fixes).
   - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
   - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
   - iio: accel: mma8452: use the correct logic to get mma8452_data
     (git-fixes).
   - iio: adc: Add check for devm_request_threaded_irq (git-fixes).
   - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
   - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
   - iio: inkern: apply consumer scale when no channel scale is available
     (git-fixes).
   - iio: inkern: make a best effort on offset calculation (git-fixes).
   - Input: aiptek - properly check endpoint type (git-fixes).
   - iwlwifi: do not advertise TWT support (git-fixes).
   - KVM: SVM: Do not flush cache if hardware enforces cache coherency across
     encryption domains (bsc#1178134).
   - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
   - mac80211: fix potential double free on mesh join (git-fixes).
   - mac80211: refuse aggregations sessions before authorized (git-fixes).
   - media: aspeed: Correct value for h-total-pixels (git-fixes).
   - media: bttv: fix WARNING regression on tunerless devices (git-fixes).
   - media: coda: Fix missing put_device() call in coda_get_vdoa_data
     (git-fixes).
   - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
   - media: em28xx: initialize refcount before kref_get (git-fixes).
   - media: hantro: Fix overfill bottom register field name (git-fixes).
   - media: Revert "media: em28xx: add missing em28xx_close_extension"
     (git-fixes).
   - media: stk1160: If start stream fails, return buffers with
     VB2_BUF_STATE_QUEUED (git-fixes).
   - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
   - media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
   - membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
   - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
   - memory: emif: Add check for setup_interrupts (git-fixes).
   - memory: emif: check the pointer temp in get_device_details() (git-fixes).
   - misc: alcor_pci: Fix an error handling path (git-fixes).
   - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
   - mm_zone: add function to check if managed dma zone exists (bsc#1197501).
   - mm: add vma_lookup(), update find_vma_intersection() comments
     (git-fixes).
   - mm/page_alloc.c: do not warn allocation failure on zone DMA if no
     managed pages (bsc#1197501).
   - mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
   - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
     (git-fixes).
   - net: enetc: initialize the RFS and RSS memories (git-fixes).
   - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx()
     (git-fixes).
   - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
   - net: phy: marvell: Fix invalid comparison in the resume and suspend
     functions (git-fixes).
   - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
   - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
     (bsc#1196018).
   - net: watchdog: hold device global xmit lock during tx disable
     (git-fixes).
   - net/smc: Fix loop in smc_listen (git-fixes).
   - net/smc: fix using of uninitialized completions (git-fixes).
   - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
   - net/smc: Make sure the link_id is unique (git-fixes).
   - net/smc: Reset conn->lgr when link group registration fails (git-fixes).
   - netfilter: conntrack: do not refresh sctp entries in closed state
     (bsc#1197389).
   - netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
   - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
   - NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
   - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
   - NFS: Do not skip directory entries when doing uncached readdir
     (git-fixes).
   - NFS: Ensure the server had an up to date ctime before hardlinking
     (git-fixes).
   - NFS: Fix another issue with a list iterator pointing to the head
     (git-fixes).
   - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
   - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
   - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client
     (git-fixes).
   - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
   - NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
   - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
   - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
     (git-fixes).
   - pinctrl: mediatek: paris: Fix "argument" argument type for
     mtk_pinconf_get() (git-fixes).
   - pinctrl: mediatek: paris: Fix pingroup pin config state readback
     (git-fixes).
   - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
     (git-fixes).
   - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
   - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
     (git-fixes).
   - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
   - pinctrl: samsung: drop pin banks references on error paths (git-fixes).
   - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
     (git-fixes).
   - PM: hibernate: fix __setup handler error handling (git-fixes).
   - PM: suspend: fix return value of __setup handler (git-fixes).
   - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
   - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
   - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
     (bsc#1179639 ltc#189002 git-fixes).
   - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
   - powerpc/perf: Expose Performance Monitor Counter SPR's as part of
     extended regs (bsc#1198077 ltc#197299).
   - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct
     (bsc#1198077 ltc#197299).
   - powerpc/pseries: Fix use after free in remove_phb_dynamic()
     (bsc#1065729).
   - powerpc/sysdev: fix incorrect use to determine if list is empty
     (bsc#1065729).
   - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
   - powerpc/xive: fix return value of __setup handler (bsc#1065729).
   - printk: Add panic_in_progress helper (bsc#1197894).
   - printk: disable optimistic spin during panic (bsc#1197894).
   - pwm: lpc18xx-sct: Initialize driver data and hardware before
     pwmchip_add() (git-fixes).
   - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
   - remoteproc: qcom_wcnss: Add missing of_node_put() in
     wcnss_alloc_memory_region (git-fixes).
   - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
     (git-fixes).
   - s390/bpf: Perform r1 range checking before accessing jit->seen_reg
     (git-fixes).
   - s390/gmap: do not unconditionally call pte_unmap_unlock() in
     __gmap_zap() (git-fixes).
   - s390/gmap: validate VMA in __gmap_zap() (git-fixes).
   - s390/hypfs: include z/VM guests with access control group set
     (bsc#1195640 LTC#196352).
   - s390/kexec_file: fix error handling when applying relocations
     (git-fixes).
   - s390/kexec: fix memory leak of ipl report buffer (git-fixes).
   - s390/kexec: fix return code handling (git-fixes).
   - s390/mm: fix VMA and page table handling code in storage key handling
     functions (git-fixes).
   - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
   - s390/module: fix loading modules with a lot of relocations (git-fixes).
   - s390/pci_mmio: fully validate the VMA before calling follow_pte()
     (git-fixes).
   - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677
     LTC#197378).
   - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
   - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
   - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
   - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
   - scsi: lpfc: Fix queue failures when recovering from PCI parity error
     (bsc#1197675 bsc#1196478).
   - scsi: lpfc: Fix typos in comments (bsc#1197675).
   - scsi: lpfc: Fix unload hang after back to back PCI EEH faults
     (bsc#1197675 bsc#1196478).
   - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675
     bsc#1196478).
   - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
   - scsi: lpfc: Reduce log messages seen after firmware download
     (bsc#1197675).
   - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
   - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
     (bsc#1197675).
   - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
   - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path
     (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
     (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
     (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths
     (bsc#1197675).
   - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
   - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
   - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
   - scsi: lpfc: Use fc_block_rport() (bsc#1197675).
   - scsi: lpfc: Use kcalloc() (bsc#1197675).
   - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
     (bsc#1197675).
   - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
   - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
   - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
   - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
   - scsi: qla2xxx: Fix incorrect reporting of task management failure
     (bsc#1197661).
   - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
   - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
     (bsc#1197661).
   - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
   - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
   - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
   - scsi: qla2xxx: Fix typos in comments (bsc#1197661).
   - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
   - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
   - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
   - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
   - scsi: qla2xxx: Use correct feature type field during RFF_ID processing
     (bsc#1197661).
   - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
   - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
   - serial: 8250_lpss: Balance reference count for PCI DMA device
     (git-fixes).
   - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
   - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
   - serial: core: Fix the definition name in the comment of UPF_* flags
     (git-fixes).
   - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
   - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
   - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
   - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
   - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
   - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
   - staging:iio:adc:ad7280a: Fix handing of device address bit reversing
     (git-fixes).
   - tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
   - tcp: change source port randomizarion at connect() time (bsc#1180153).
   - team: protect features update by RCU to avoid deadlock (git-fixes).
   - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
   - thermal: int340x: Increase bitmap size (git-fixes).
   - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
     (git-fixes).
   - usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
   - usb: bdc: Fix a resource leak in the error handling path of
     'bdc_probe()' (git-fixes).
   - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
   - usb: bdc: remove duplicated error message (git-fixes).
   - usb: bdc: Use devm_clk_get_optional() (git-fixes).
   - usb: bdc: use devm_platform_ioremap_resource() to simplify code
     (git-fixes).
   - usb: dwc3: gadget: Use list_replace_init() before traversing lists
     (git-fixes).
   - usb: dwc3: qcom: add IRQ check (git-fixes).
   - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
   - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
     (git-fixes).
   - usb: gadget: rndis: prevent integer overflow in rndis_set_response()
     (git-fixes).
   - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
   - VFS: filename_create(): fix incorrect intent (bsc#1197534).
   - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
     (git-fixes).
   - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
   - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
   - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
     avoid black screen (git-fixes).
   - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
     avoid black screen (git-fixes).
   - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
     (git-fixes).
   - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
   - VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
   - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
   - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
   - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
   - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
   - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
   - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
     (bsc#1178134).
   - x86/mm/pat: Do not flush cache if hardware enforces cache coherency
     across encryption domnains (bsc#1178134).
   - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
     (bsc#1178134).
   - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
   - xhci: fix garbage USBSTS being logged in some cases (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-1407=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1407=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1407=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-150300.85.1
      kernel-source-rt-5.3.18-150300.85.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.85.1
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.85.1
      dlm-kmp-rt-5.3.18-150300.85.1
      dlm-kmp-rt-debuginfo-5.3.18-150300.85.1
      gfs2-kmp-rt-5.3.18-150300.85.1
      gfs2-kmp-rt-debuginfo-5.3.18-150300.85.1
      kernel-rt-5.3.18-150300.85.1
      kernel-rt-debuginfo-5.3.18-150300.85.1
      kernel-rt-debugsource-5.3.18-150300.85.1
      kernel-rt-devel-5.3.18-150300.85.1
      kernel-rt-devel-debuginfo-5.3.18-150300.85.1
      kernel-rt_debug-debuginfo-5.3.18-150300.85.1
      kernel-rt_debug-debugsource-5.3.18-150300.85.1
      kernel-rt_debug-devel-5.3.18-150300.85.1
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.85.1
      kernel-syms-rt-5.3.18-150300.85.1
      ocfs2-kmp-rt-5.3.18-150300.85.1
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.85.1

   - SUSE Linux Enterprise Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.85.1
      kernel-rt-debuginfo-5.3.18-150300.85.1
      kernel-rt-debugsource-5.3.18-150300.85.1

   - SUSE Linux Enterprise Micro 5.1 (x86_64):

      kernel-rt-5.3.18-150300.85.1
      kernel-rt-debuginfo-5.3.18-150300.85.1
      kernel-rt-debugsource-5.3.18-150300.85.1


References:

   https://www.suse.com/security/cve/CVE-2021-45868.html
   https://www.suse.com/security/cve/CVE-2022-0850.html
   https://www.suse.com/security/cve/CVE-2022-0854.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1016.html
   https://www.suse.com/security/cve/CVE-2022-1048.html
   https://www.suse.com/security/cve/CVE-2022-1055.html
   https://www.suse.com/security/cve/CVE-2022-1195.html
   https://www.suse.com/security/cve/CVE-2022-1198.html
   https://www.suse.com/security/cve/CVE-2022-1199.html
   https://www.suse.com/security/cve/CVE-2022-1205.html
   https://www.suse.com/security/cve/CVE-2022-27666.html
   https://www.suse.com/security/cve/CVE-2022-28388.html
   https://www.suse.com/security/cve/CVE-2022-28389.html
   https://www.suse.com/security/cve/CVE-2022-28390.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1175667
   https://bugzilla.suse.com/1177028
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1179639
   https://bugzilla.suse.com/1180153
   https://bugzilla.suse.com/1189562
   https://bugzilla.suse.com/1194625
   https://bugzilla.suse.com/1194649
   https://bugzilla.suse.com/1195640
   https://bugzilla.suse.com/1195926
   https://bugzilla.suse.com/1196018
   https://bugzilla.suse.com/1196196
   https://bugzilla.suse.com/1196478
   https://bugzilla.suse.com/1196761
   https://bugzilla.suse.com/1196823
   https://bugzilla.suse.com/1197227
   https://bugzilla.suse.com/1197243
   https://bugzilla.suse.com/1197300
   https://bugzilla.suse.com/1197302
   https://bugzilla.suse.com/1197331
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1197366
   https://bugzilla.suse.com/1197389
   https://bugzilla.suse.com/1197462
   https://bugzilla.suse.com/1197501
   https://bugzilla.suse.com/1197534
   https://bugzilla.suse.com/1197661
   https://bugzilla.suse.com/1197675
   https://bugzilla.suse.com/1197677
   https://bugzilla.suse.com/1197702
   https://bugzilla.suse.com/1197811
   https://bugzilla.suse.com/1197812
   https://bugzilla.suse.com/1197815
   https://bugzilla.suse.com/1197817
   https://bugzilla.suse.com/1197819
   https://bugzilla.suse.com/1197820
   https://bugzilla.suse.com/1197888
   https://bugzilla.suse.com/1197889
   https://bugzilla.suse.com/1197894
   https://bugzilla.suse.com/1198027
   https://bugzilla.suse.com/1198028
   https://bugzilla.suse.com/1198029
   https://bugzilla.suse.com/1198030
   https://bugzilla.suse.com/1198031
   https://bugzilla.suse.com/1198032
   https://bugzilla.suse.com/1198033
   https://bugzilla.suse.com/1198077



More information about the sle-security-updates mailing list