SUSE-SU-2022:4505-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Dec 16 17:20:10 UTC 2022

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2022:4505-1
Rating:             important
References:         #1065729 #1071995 #1106594 #1156395 #1164051 
                    #1184350 #1199365 #1200845 #1201455 #1203183 
                    #1203746 #1203860 #1203960 #1204017 #1204142 
                    #1204414 #1204446 #1204631 #1204636 #1204810 
                    #1204850 #1204868 #1204963 #1205006 #1205128 
                    #1205130 #1205220 #1205234 #1205264 #1205473 
                    #1205514 #1205617 #1205671 #1205705 #1205709 
                    #1205796 #1205901 #1205902 #1205903 #1205904 
                    #1205905 #1205906 #1205907 #1205908 #1206032 
                    #1206037 #1206113 #1206114 #1206117 #1206118 
                    #1206119 #1206120 #1206207 #1206213 
Cross-References:   CVE-2022-28693 CVE-2022-3567 CVE-2022-3628
                    CVE-2022-3635 CVE-2022-3643 CVE-2022-3903
                    CVE-2022-4095 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42328 CVE-2022-42329 CVE-2022-42895
                    CVE-2022-42896 CVE-2022-4378 CVE-2022-43945
CVSS scores:
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5

   An update that solves 16 vulnerabilities and has 38 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-42328: Guests could trigger denial of service via the netback
     driver (bnc#1206114).
   - CVE-2022-42329: Guests could trigger denial of service via the netback
     driver (bnc#1206113).
   - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
     netback driver (bnc#1206113).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).

   The following non-security bugs were fixed:

   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017, bsc#1205617).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017,
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017,
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017,
   - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
   - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
   - FDDI: defxx: Make MMIO the configuration default except for EISA
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
   - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
   - KVM: s390: Fix handle_sske page fault handling (git-fixes).
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
   - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
   - KVM: s390: reduce number of IO pins to 1 (git-fixes).
   - KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
   - KVM: s390: split kvm_s390_real_to_abs (git-fixes).
   - KVM: s390x: fix SCK locking (git-fixes).
   - NIU: fix incorrect error return, missed in previous revert (git-fixes).
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
   - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
     topology (bsc#1199365).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
   - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
   - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
   - PCI: hv: Make the code arch neutral by adding arch specific interfaces
   - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
   - PCI: hv: Remove bus device removal unused refcount/functions
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
   - PCI: hv: Support for create interrupt v3 (git-fixes).
   - PCI: hv: Use struct_size() helper (bsc#1204446).
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - PM: hibernate: fix sparse warnings (git-fixes).
   - Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
   - add missing bug reference to a hv_netvsc patch file (bsc#1204850).
   - always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
   - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
   - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
   - bfq: Update cgroup information before merging bio (git-fixes).
   - blk-mq: add callback of .cleanup_rq (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
   - block: Add a helper to validate the block size (git-fixes).
   - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
     nowait (git-fixes).
   - block: do not delete queue kobject before its children (git-fixes).
   - block: respect queue limit of max discard segment (git-fixes).
   - block: rsxx: select CONFIG_CRC32 (git-fixes).
   - block: use "unsigned long" for blk_validate_block_size() (git-fixes).
   - bnxt_en: Clean up completion ring page arrays completely (git-fixes).
   - bnxt_en: Do not use static arrays for completion ring pages (git-fixes).
   - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
   - bnxt_en: Free context memory after disabling PCI in probe error path
   - bnxt_en: Increase maximum RX ring size if jumbo ring is not used
   - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - ceph: check availability of mds cluster on mount after wait timeout
   - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905).
   - ceph: fix fscache invalidation (bsc#1205907).
   - ceph: fix potential race in ceph_check_caps (bsc#1205906).
   - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908).
   - ceph: return -EINVAL if given fsc mount option on kernel w/o support
   - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
   - ceph: return ceph_mdsc_do_request() errors from __get_parent()
   - cuse: prevent clone (bsc#1206120).
   - cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm mpath: remove harmful bio-based optimization (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm raid: fix address sanitizer warning in raid_resume (git-fixes).
   - dm raid: fix address sanitizer warning in raid_status (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - floppy: Fix hang in watchdog when disk is ejected (git-fixes).
   - ftrace: Fix char print issue in print_ip_ins() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - fuse: do not check refcount after stealing page (bsc#1206119).
   - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118).
   - fuse: use READ_ONCE on congestion_threshold and max_background
   - gianfar: Disable EEE autoneg by default (git-fixes).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
   - hv_netvsc: Cache the current data path to avoid duplicate call and
     message (bsc#1204017).
   - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
   - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (git-fixes).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (bsc#1204017).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
   - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive()
   - hv_netvsc: Sync offloading features to VF NIC (git-fixes).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - i40e: Fix kernel crash during module removal (git-fixes).
   - i40e: Fix reset path while removing the driver (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - ice: Increase control queue timeout (git-fixes).
   - igb: Fix position of assignment to *ring (git-fixes).
   - igc: Fix use-after-free error during reset (git-fixes).
   - igc: change default return of igc_read_phy_reg() (git-fixes).
   - ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
   - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
   - kABI: Fix after adding trace_iterator.wait_index (git-fixes).
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - kprobes/x86/xen: blacklist non-attachable xen interrupt functions
   - macsec: check return value of skb_to_sgvec always (git-fixes).
   - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
   - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
   - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
   - media: ite-cir: IR receiver stop working after receive overflow
   - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix
   - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes).
   - media: mceusb: do not read data parameters unless required (git-fixes).
   - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug
     messages (git-fixes).
   - media: mceusb: sanity check for prescaler value (git-fixes).
   - media: mceusb: sporadic RX truncation corruption fix (git-fixes).
   - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes).
   - module: change to print useful messages from elf_validity_check()
   - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
   - module: harden ELF info handling (git-fixes).
   - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
   - nbd: do not update block size after device is started (git-fixes).
   - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode
   - net/mlx5: Fix flow table chaining (git-fixes).
   - net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
   - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
   - net: aquantia: Fix actual speed capabilities reporting (git-fixes).
   - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes).
   - net: ethernet: arc: fix error handling in emac_rockchip_probe
   - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and
     allmulti disabled (git-fixes).
   - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes).
   - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
   - net: hns3: check vlan id before using it (git-fixes).
   - net: hns3: disable sriov before unload hclge layer (git-fixes).
   - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
   - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
   - net: hns3: fix kernel crash when unload VF while it is being reset
   - net: hns3: reset DWRR of unused tc to zero (git-fixes).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
   - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
   - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
   - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
   - net: moxa: fix UAF in moxart_mac_probe (git-fixes).
   - net: natsemi: Fix missing pci_disable_device() in probe and remove
   - net: netvsc: remove break after return (git-fixes).
   - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
   - net: qcom/emac: fix UAF in emac_remove (git-fixes).
   - net: smsc911x: Fix unload crash when link is up (git-fixes).
   - net: ti: fix UAF in tlan_remove_one (git-fixes).
   - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes).
   - nfsd: set the server_scope during service startup (bsc#1203746).
   - null_blk: Fix the null_add_dev() error path (git-fixes).
   - null_blk: fix ida error handling in null_add_dev() (git-fixes).
   - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - ptp: dp83640: do not define PAGE0 (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
   - ring-buffer: Allow splice to read previous partially read pages
   - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
   - ring-buffer: Check pending waiters when doing wake ups as well
   - ring-buffer: Fix race between reset page and reading page (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
   - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
   - s390/cpcmd: fix inline assembly register clobbering (git-fixes).
   - s390/crash: fix incorrect number of bytes to copy to user space
   - s390/crash: make copy_oldmem_page() return number of bytes copied
   - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
   - s390/ctcm: fix potential memory leak (git-fixes).
   - s390/ctcm: fix variable dereferenced before check (git-fixes).
   - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
   - s390/lcs: fix variable dereferenced before check (git-fixes).
   - s390/mcck: fix invalid KVM guest condition check (git-fixes).
   - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
   - s390/mm: use non-quiescing sske for KVM switch to keyed guest
   - s390/module: fix loading modules with a lot of relocations (git-fixes).
   - s390/nmi: handle guarded storage validity failures for KVM guests
   - s390/nmi: handle vector validity failures for KVM guests (git-fixes).
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
   - s390/pkey: fix paes selftest failure with paes and pkey static build
   - s390/pv: fix the forcing of the swiotlb (git-fixes).
   - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
   - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
   - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742).
   - s390/qeth: Fix error handling during VNICC initialization (git-fixes).
   - s390/qeth: Fix initialization of vnicc cmd masks during set online
   - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
   - s390/qeth: do not defer close_dev work during recovery (bsc#1206213
   - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
   - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742).
   - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes).
   - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
   - s390/qeth: fix notification for pending buffers during teardown
   - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742).
   - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
   - s390/qeth: vnicc Fix init to default (git-fixes).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (git-fixes).
   - s390/zcore: fix race when reading from hardware system area (git-fixes).
   - s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
   - s390: appldata depends on PROC_SYSCTL (git-fixes).
   - s390: define get_cycles macro for arch-override (git-fixes).
   - s390: fix nospec table alignments (git-fixes).
   - sbitmap: fix possible io hung due to lost wakeup (git-fixes).
   - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
   - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
   - scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
   - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
   - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
   - scsi: storvsc: Fix validation for unsolicited incoming packets
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
   - scsi: zfcp: Fix missing auto port scan and thus missing target ports
   - sfp: fix RX_LOS signal handling (git-fixes).
   - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes).
   - sunrpc: Re-purpose trace_svc_process (bsc#1205006).
   - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
   - tracing: Disable interrupt or preemption before acquiring
     arch_spinlock_t (git-fixes).
   - tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
   - tracing: Simplify conditional compilation code in tracing_set_tracer()
   - tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
   - tracing: Wake up waiters when tracing is disabled (git-fixes).
   - tulip: windbond-840: Fix missing pci_disable_device() in probe and
     remove (git-fixes).
   - usb: chipidea: udc: check request status before setting device address
   - usb: musb: Fix suspend with devices connected for a64 (git-fixes).
   - vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
   - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
   - virtio-blk: Use blk_validate_block_size() to validate block size
   - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
   - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
   - virtio_net: move tx vq operation under tx queue lock (git-fixes).
   - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
   - x86/hyperv: Set to "Hyper-V" (git-fixes).
   - x86/microcode/AMD: Apply the patch early on every logical thread
   - x86/xen: Distribute switch variables for initialization (git-fixes).
   - x86/xen: Return from panic notifier (git-fixes).
   - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
   - xen-blkback: prevent premature module unload (git-fixes).
   - xen-netback: correct success/error reporting for the SKB-with-fraglist
     case (git-fixes).
   - xen-netfront: remove warning when unloading module (git-fixes).
   - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes).
   - xen/balloon: fix balloon kthread freezing (git-fixes).
   - xen/balloon: fix ballooned page accounting without hotplug enabled
   - xen/balloon: fix cancelled balloon action (git-fixes).
   - xen/balloon: use a kernel thread instead a workqueue (git-fixes).
   - xen/blkback: fix memory leaks (git-fixes).
   - xen/efi: Set nonblocking callbacks (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes).
   - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/gntdev: Prevent leaking grants (git-fixes).
   - xen/grant-table: Use put_page instead of free_page (git-fixes).
   - xen/pciback: Check dev_data before using it (git-fixes).
   - xen/pciback: remove set but not used variable 'old_state' (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen/scsiback: add error handling for xenbus_printf (git-fixes).
   - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
   - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
   - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
   - xen: Fix event channel callback via INTX/GSI (git-fixes).
   - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
   - xen: add error handling for xenbus_printf (git-fixes).
   - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
   - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
   - xen: xenbus: use put_device() instead of kfree() (git-fixes).
   - xenbus: req->body should be updated before req->state (git-fixes).
   - xenbus: req->err should be updated before req->state (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4505=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):


   - SUSE Linux Enterprise Server 12-SP5 (noarch):



More information about the sle-security-updates mailing list