SUSE-SU-2022:2741-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Aug 10 13:17:02 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2741-1
Rating:             important
References:         #1178134 #1198829 #1199364 #1199647 #1199665 
                    #1199670 #1200521 #1200598 #1200644 #1200651 
                    #1200762 #1200910 #1201196 #1201206 #1201251 
                    #1201381 #1201429 #1201458 #1201635 #1201636 
                    #1201644 #1201664 #1201672 #1201673 #1201676 
                    #1201846 #1201930 #1201940 #1201954 #1201956 
                    #1201958 SLE-24559 
Cross-References:   CVE-2020-36557 CVE-2020-36558 CVE-2021-33655
                    CVE-2021-33656 CVE-2022-1116 CVE-2022-1462
                    CVE-2022-20166 CVE-2022-21505 CVE-2022-2318
                    CVE-2022-26365 CVE-2022-29581 CVE-2022-32250
                    CVE-2022-33740 CVE-2022-33741 CVE-2022-33742
                    CVE-2022-36946
CVSS scores:
                    CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
                    CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 16 vulnerabilities, contains one
   feature and has 15 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
   security bugfixes.

   The following security bugs were fixed:

   - CVE-2022-36946: Fixed an incorrect packet trucation operation which
     could lead to denial of service (bnc#1201940).
   - CVE-2022-29581: Fixed improper update of reference count in net/sched
     that could cause root privilege escalation (bnc#1199665).
   - CVE-2022-20166: Fixed several possible memory safety issues due to
     unsafe operations (bsc#1200598).
   - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could
     lead to a NULL pointer dereference and general protection fault
     (bnc#1200910).
   - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl
     and closing/opening of TTYs that could lead to a use-after-free
     (bnc#1201429).
   - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd
     FBIOPUT_VSCREENINFO (bnc#1201635).
   - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd
     PIO_FONT (bnc#1201636).
   - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy
     (bsc#1201458).
   - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem
     (bnc#1198829).
   - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
     allowed a local attacker to escalate privileges to root (bnc#1199647).-
     CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler
     in Rose subsystem that allowed unprivileged attackers to crash the
     system (bsc#1201251).
   - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
     multiple potential data leaks with Block and Network devices when using
     untrusted backends (bsc#1200762).

   The following non-security bugs were fixed:

   - Fixed a system crash related to the recent RETBLEED mitigation
     (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
   - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651
     bsc#1200644 bsc#1201954 bsc#1201958).
   - kvm: emulate: do not adjust size of fastop and setcc subroutines
     (bsc#1201930).
   - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature
     (bsc#1199364).
   - bpf: enable BPF type format (BTF) (jsc#SLE-24559).
   - nfs: avoid NULL pointer dereference when there is unflushed data
     (bsc#1201196).
   - hv_netvsc: Add (more) validation for untrusted Hyper-V values
     (bsc#1199364).
   - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
   - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
   - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
     (bsc#1199364).
   - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
   - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
   - lkdtm: Disable return thunks in rodata.c (bsc#1178134).
   - net, xdp: Introduce __xdp_build_skb_from_frame utility routine
     (bsc#1199364).
   - net, xdp: Introduce xdp_build_skb_from_frame utility routine
     (bsc#1199364).
   - nvme: consider also host_iface when checking ip options (bsc#1199670).
   - powerpc/mobility: wait for memory transfer to complete (bsc#1201846
     ltc#198761).
   - powerpc/pseries/mobility: set NMI watchdog factor during an LPM
     (bsc#1201846 ltc#198761).
   - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
     ltc#198761).
   - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
   - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
     (bsc#1201956).
   - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
     (bsc#1201956 bsc#1200521).
   - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
     (bsc#1201956).
   - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
     (bsc#1201956).
   - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
     user input (bsc#1201956).
   - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
     lpfc_sli_prep_abort_xri() (bsc#1201956).
   - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
   - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
     VMID (bsc#1201956).
   - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
     (bsc#1201956).
   - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
     (bsc#1201956).
   - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
   - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
     (bsc#1201958).
   - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
   - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
   - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
   - scsi: qla2xxx: Fix response queue handler reading stale packets
     (bsc#1201958).
   - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
   - scsi: qla2xxx: Update manufacturer details (bsc#1201958).
   - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
   - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
   - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
   - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
   - x86/bugs: Remove apostrophe typo (bsc#1178134).
   - x86/entry: Remove skip_r11rcx (bsc#1201644).
   - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
   - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
     (bsc#1201381).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2741=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1



Package List:

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-azure-5.3.18-150300.38.75.1
      kernel-source-azure-5.3.18-150300.38.75.1

   - openSUSE Leap 15.3 (x86_64):

      cluster-md-kmp-azure-5.3.18-150300.38.75.1
      cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      dlm-kmp-azure-5.3.18-150300.38.75.1
      dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      gfs2-kmp-azure-5.3.18-150300.38.75.1
      gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-5.3.18-150300.38.75.1
      kernel-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-debugsource-5.3.18-150300.38.75.1
      kernel-azure-devel-5.3.18-150300.38.75.1
      kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-extra-5.3.18-150300.38.75.1
      kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
      kernel-azure-optional-5.3.18-150300.38.75.1
      kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
      kernel-syms-azure-5.3.18-150300.38.75.1
      kselftests-kmp-azure-5.3.18-150300.38.75.1
      kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      ocfs2-kmp-azure-5.3.18-150300.38.75.1
      ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
      reiserfs-kmp-azure-5.3.18-150300.38.75.1
      reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      kernel-azure-5.3.18-150300.38.75.1
      kernel-azure-debuginfo-5.3.18-150300.38.75.1
      kernel-azure-debugsource-5.3.18-150300.38.75.1
      kernel-azure-devel-5.3.18-150300.38.75.1
      kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
      kernel-syms-azure-5.3.18-150300.38.75.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      kernel-devel-azure-5.3.18-150300.38.75.1
      kernel-source-azure-5.3.18-150300.38.75.1


References:

   https://www.suse.com/security/cve/CVE-2020-36557.html
   https://www.suse.com/security/cve/CVE-2020-36558.html
   https://www.suse.com/security/cve/CVE-2021-33655.html
   https://www.suse.com/security/cve/CVE-2021-33656.html
   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://www.suse.com/security/cve/CVE-2022-1462.html
   https://www.suse.com/security/cve/CVE-2022-20166.html
   https://www.suse.com/security/cve/CVE-2022-21505.html
   https://www.suse.com/security/cve/CVE-2022-2318.html
   https://www.suse.com/security/cve/CVE-2022-26365.html
   https://www.suse.com/security/cve/CVE-2022-29581.html
   https://www.suse.com/security/cve/CVE-2022-32250.html
   https://www.suse.com/security/cve/CVE-2022-33740.html
   https://www.suse.com/security/cve/CVE-2022-33741.html
   https://www.suse.com/security/cve/CVE-2022-33742.html
   https://www.suse.com/security/cve/CVE-2022-36946.html
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1198829
   https://bugzilla.suse.com/1199364
   https://bugzilla.suse.com/1199647
   https://bugzilla.suse.com/1199665
   https://bugzilla.suse.com/1199670
   https://bugzilla.suse.com/1200521
   https://bugzilla.suse.com/1200598
   https://bugzilla.suse.com/1200644
   https://bugzilla.suse.com/1200651
   https://bugzilla.suse.com/1200762
   https://bugzilla.suse.com/1200910
   https://bugzilla.suse.com/1201196
   https://bugzilla.suse.com/1201206
   https://bugzilla.suse.com/1201251
   https://bugzilla.suse.com/1201381
   https://bugzilla.suse.com/1201429
   https://bugzilla.suse.com/1201458
   https://bugzilla.suse.com/1201635
   https://bugzilla.suse.com/1201636
   https://bugzilla.suse.com/1201644
   https://bugzilla.suse.com/1201664
   https://bugzilla.suse.com/1201672
   https://bugzilla.suse.com/1201673
   https://bugzilla.suse.com/1201676
   https://bugzilla.suse.com/1201846
   https://bugzilla.suse.com/1201930
   https://bugzilla.suse.com/1201940
   https://bugzilla.suse.com/1201954
   https://bugzilla.suse.com/1201956
   https://bugzilla.suse.com/1201958



More information about the sle-security-updates mailing list