SUSE-SU-2022:4613-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Dec 23 14:44:04 UTC 2022

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2022:4613-1
Rating:             important
References:         #1065729 #1071995 #1156395 #1184350 #1189297 
                    #1192761 #1200845 #1201455 #1203144 #1203746 
                    #1204017 #1204142 #1204215 #1204241 #1204328 
                    #1204446 #1204631 #1204636 #1204693 #1204780 
                    #1204791 #1204810 #1204827 #1204850 #1204868 
                    #1204934 #1204957 #1204963 #1204967 #1205128 
                    #1205130 #1205186 #1205220 #1205329 #1205330 
                    #1205428 #1205473 #1205514 #1205617 #1205671 
                    #1205700 #1205705 #1205709 #1205753 #1205796 
                    #1205984 #1205985 #1205986 #1205987 #1205988 
                    #1205989 #1206032 #1206037 #1206207 
Cross-References:   CVE-2022-2602 CVE-2022-28693 CVE-2022-3567
                    CVE-2022-3628 CVE-2022-3635 CVE-2022-3707
                    CVE-2022-3903 CVE-2022-4095 CVE-2022-4129
                    CVE-2022-4139 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
                    CVE-2022-43945 CVE-2022-45934
CVSS scores:
                    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
                    openSUSE Leap 15.3
                    openSUSE Leap Micro 5.2

   An update that solves 17 vulnerabilities and has 37 fixes
   is now available.


   The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-2602: Fixed a local privilege escalation vulnerability
     involving Unix socket Garbage Collection and io_uring (bsc#1204228).
   - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
     to access any physical memory (bsc#1205700).
   - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
     Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
     race condition and NULL pointer dereference. (bsc#1205711)
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).
   - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver

   The following non-security bugs were fixed:

   - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
   - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
   - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
   - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
   - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
   - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
     "Routee" -> "Route" (git-fixes).
   - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
   - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
   - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
   - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
   - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
   - ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
   - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
   - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
     wm5102_probe" (git-fixes).
   - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
     wm5110_probe" (git-fixes).
   - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
   - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
     wm8997_probe" (git-fixes).
   - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
   - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
   - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
   - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
   - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
   - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
   - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
   - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
   - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
   - Drivers: hv: vmbus: remove unused function (git-fixes).
   - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
   - Input: i8042 - fix leaking of platform device on module removal
   - Input: iforce - invert valid length check when fetching device IDs
   - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
   - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1
   - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT)
   - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only
     when apicv is globally disabled (git-fixes).
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
   - KVM: s390: Fix handle_sske page fault handling (git-fixes).
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
   - KVM: s390: get rid of register asm usage (git-fixes).
   - KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
   - KVM: s390: pv: do not allow userspace to set the clock under PV
   - KVM: s390: pv: leak the topmost page table when destroy fails
   - KVM: s390: reduce number of IO pins to 1 (git-fixes).
   - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
   - NFS: Refactor nfs_instantiate() for dentry referencing callers
   - NFSv3: use nfs_add_or_obtain() to create and reference inodes
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
   - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
   - PCI: hv: Fix typo (bsc#1204446).
   - PCI: hv: Remove bus device removal unused refcount/functions
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Support for create interrupt v3 (bsc#1204446).
   - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - RDMA/core/sa_query: Remove unused argument (git-fixes)
   - RDMA/hns: Fix spelling mistakes of original (git-fixes)
   - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
   - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
   - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
   - RDMA/rxe: Fix memory leak in error path code (git-fixes)
   - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
   - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
   - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
   - USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
   - USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
   - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
   - USB: serial: option: remove old LARA-R6 PID (git-fixes).
   - USB: serial: option: remove old LARA-R6 PID.
   - Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
   - add another bug reference to some hyperv changes (bsc#1205617).
   - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
   - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
   - arm64: dts: juno: Add thermal critical trip points (git-fixes)
   - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
   - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
   - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
   - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
   - blk-crypto: fix check for too-large dun_bytes (git-fixes).
   - blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
   - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
   - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
   - block: Add a helper to validate the block size (git-fixes).
   - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
   - block: ataflop: fix breakage introduced at blk-mq refactoring
   - block: ataflop: more blk-mq refactoring fixes (git-fixes).
   - block: fix infinite loop for invalid zone append (git-fixes).
   - block: limit request dispatch loop duration (git-fixes).
   - block: nbd: add sanity check for first_minor (git-fixes).
   - block: use "unsigned long" for blk_validate_block_size() (git-fixes).
   - bus: sunxi-rsb: Support atomic transfers (git-fixes).
   - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
   - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
   - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
   - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
   - ceph: do not access the kiocb after aio requests (bsc#1205984).
   - ceph: fix fscache invalidation (bsc#1205985).
   - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
   - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
   - ceph: request Fw caps before updating the mtime in ceph_write_iter
   - cifs: skip extra NULL byte in filenames (bsc#1204791).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm integrity: set journal entry unused when shrinking device (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm raid: fix address sanitizer warning in raid_resume (git-fixes).
   - dm raid: fix address sanitizer warning in raid_status (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
   - dm verity fec: fix misaligned RS roots IO (git-fixes).
   - dm writecache: fix writing beyond end of underlying device when
     shrinking (git-fixes).
   - dm writecache: return the exact table values that were set (git-fixes).
   - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
   - dm: fix request-based DM to not bounce through indirect dm_submit_bio
   - dm: remove special-casing of bio-based immutable singleton target on
     NVMe (git-fixes).
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
   - dmaengine: at_hdmac: Check return code of dma_async_device_register
   - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
   - dmaengine: at_hdmac: Do not start transactions at tx_submit level
   - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
   - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
     errors (git-fixes).
   - dmaengine: at_hdmac: Fix impossible condition (git-fixes).
   - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
   - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
   - drivers/hv: remove obsolete TODO and fix misleading typo in comment
   - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
   - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
   - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
   - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
   - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
   - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
   - drivers: hv: vmbus: Replace symbolic permissions by octal permissions
   - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
   - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
   - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
   - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
   - drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
   - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
   - drm/panel: simple: set bpc field for logic technologies displays
   - drm/rockchip: dsi: Force synchronous probe (git-fixes).
   - drm/vc4: Fix missing platform_unregister_drivers() call in
     vc4_drm_register() (git-fixes).
   - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
   - fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
   - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
   - ftrace: Fix char print issue in print_ip_ins() (git-fixes).
   - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
   - fuse: add file_modified() to fallocate (bsc#1205330).
   - fuse: fix readdir cache race (bsc#1205329).
   - hamradio: fix issue of dev reference count leakage in bpq_device_event()
   - hv: hyperv.h: Remove unused inline functions (git-fixes).
   - hv_netvsc: Add a comment clarifying batching logic (git-fixes).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Allocate the recv_buf buffers after
     NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
   - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
   - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (bsc#1204850).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (git-fixes).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Validate number of allocated sub-channels (git-fixes).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
   - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
   - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
   - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
   - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
   - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - iio: adc: at91_adc: fix possible memory leak in
     at91_adc_allocate_trigger() (git-fixes).
   - iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
     fails (git-fixes).
   - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
   - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
   - iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
   - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
   - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
   - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
   - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
   - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
   - kABI: Fix after adding trace_iterator.wait_index (git-fixes).
   - kABI: remove new member of usbip_device (git-fixes).
   - kabi: fix transport_add_device change (git-fixes).
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
   - loop: Check for overflow while configuring loop (git-fixes).
   - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
   - mISDN: fix possible memory leak in mISDN_dsp_element_register()
   - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
   - md: Replace snprintf with scnprintf (git-fixes).
   - media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
   - media: meson: vdec: fix possible refcount leak in vdec_probe()
   - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
   - media: venus: dec: Handle the case where find_format fails (git-fixes).
   - media: vim2m: initialize the media device earlier (git-fixes).
   - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
   - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
   - mmc: core: properly select voltage range without power cycle (git-fixes).
   - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
   - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
     debounce timeout (git-fixes).
   - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
   - nbd: Fix use-after-free in pid_show (git-fixes).
   - nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
   - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
   - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
   - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
   - net: ethernet: nixge: fix NULL dereference (git-fixes).
   - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: netvsc: remove break after return (git-fixes).
   - net: phy: fix null-ptr-deref while probe() failed (git-fixes).
   - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
   - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
   - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
   - nfc/nci: fix race with opening and closing (git-fixes).
   - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
   - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
   - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
   - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
   - nfsd: set the server_scope during service startup (bsc#1203746).
   - null_blk: Fail zone append to conventional zones (git-fixes).
   - null_blk: synchronization fix for zoned device (git-fixes).
   - nvmem: core: Check input parameter for NULL in nvmem_unregister()
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - parport_pc: Avoid FIFO port location truncation (git-fixes).
   - phy: stm32: fix an error code in probe (git-fixes).
   - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
   - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
   - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
   - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
   - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
   - printk: use atomic updates for klogd work (bsc#1204934).
   - printk: wake waiters for safe and NMI contexts (bsc#1204934).
   - r8152: Add MAC passthrough support to new device (git-fixes).
   - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
   - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - regulator: core: fix UAF in destroy_regulator() (git-fixes).
   - regulator: core: fix kobject release warning and memory leak in
     regulator_register() (git-fixes).
   - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
   - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
   - ring-buffer: Allow splice to read previous partially read pages
   - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
   - ring-buffer: Check pending waiters when doing wake ups as well
   - ring-buffer: Fix race between reset page and reading page (git-fixes).
   - ring-buffer: Have the shortest_full queue be the shortest not longest
   - ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - rndis_host: increase sleep time in the query-response loop (git-fixes).
   - rtc: mt6397: fix alarm register overwrite (git-fixes).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - s390/cpcmd: fix inline assembly register clobbering (git-fixes).
   - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
   - s390/disassembler: increase ebpf disasm buffer size (git-fixes).
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
     (bsc#1205428 LTC#200501).
   - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
     (bsc#1203144 LTC#199881).
   - s390/mm: use non-quiescing sske for KVM switch to keyed guest
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
   - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (bsc#1205428 LTC#200501).
   - s390/vtime: fix inline assembly clobber list (git-fixes).
   - s390/zcore: fix race when reading from hardware system area (git-fixes).
   - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
   - s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
   - s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
   - s390: fix nospec table alignments (git-fixes).
   - s390: mark __cpacf_query() as __always_inline (git-fixes).
   - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
   - scsi: drivers: base: Propagate errors through the transport component
   - scsi: drivers: base: Support atomic version of
     attribute_container_device_trigger (git-fixes).
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729
     bsc#1204810 ltc#200162).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver
     info (bsc#1204957).
   - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
   - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
   - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited"
   - scsi: lpfc: Log when congestion management limits are in effect
   - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off
   - scsi: lpfc: Update lpfc version to (bsc#1204957).
   - scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
   - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
   - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
   - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
   - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix handling of srb_status and capacity change events
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
   - scsi: storvsc: Fix validation for unsolicited incoming packets
   - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
   - scsi: storvsc: Miscellaneous code cleanups (git-fixes).
   - scsi: storvsc: Parameterize number hardware queues (git-fixes).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
   - scsi: storvsc: Update error logging (git-fixes).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
   - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
   - scsi: zfcp: Fix missing auto port scan and thus missing target ports
   - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
   - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
     omap8250_remove() (git-fixes).
   - serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
   - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
   - serial: 8250_omap: remove wait loop from Errata i202 workaround
   - serial: imx: Add missing .thaw_noirq hook (git-fixes).
   - siox: fix possible memory leak in siox_device_add() (git-fixes).
   - slimbus: stream: correct presence rate frequencies (git-fixes).
   - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
     clock (git-fixes).
   - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
   - staging: greybus: light: fix a couple double frees (git-fixes).
   - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
   - tracing/ring-buffer: Have polling block on watermark (git-fixes).
   - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
   - tracing: Disable interrupt or preemption before acquiring
     arch_spinlock_t (git-fixes).
   - tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
   - tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
   - tracing: Simplify conditional compilation code in tracing_set_tracer()
   - tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
   - tracing: Wake up waiters when tracing is disabled (git-fixes).
   - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
   - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
   - usb: dwc3: exynos: Fix remove() function (git-fixes).
   - usb: dwc3: fix PHY disable sequence (git-fixes).
   - usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
   - usb: dwc3: gadget: Fix null pointer exception (git-fixes).
   - usb: dwc3: qcom: fix runtime PM wakeup.
   - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
   - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
     controller (git-fixes).
   - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
   - usbip: stub-dev synchronize sysfs code paths (git-fixes).
   - usbip: stub_dev: remake locking for kABI (git-fixes).
   - usbip: synchronize event handler with sysfs code paths (git-fixes).
   - usbip: usbip_event: use global lock (git-fixes).
   - usbip: vudc synchronize sysfs code paths (git-fixes).
   - usbip: vudc_sysfs: use global lock (git-fixes).
   - use __netdev_notify_peers in hyperv (git-fixes).
   - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
   - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
   - vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
   - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
   - virtio-blk: Use blk_validate_block_size() to validate block size
   - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
   - virtio_blk: fix the discard_granularity and discard_alignment queue
     limits (git-fixes).
   - Fix placement of '.data..decrypted' section (git-fixes).
   - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
   - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
   - wifi: cfg80211: silence a sparse RCU warning (git-fixes).
   - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
   - workqueue: do not skip lockdep work dependency in cancel_work_sync()
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
   - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
   - x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
   - x86/microcode/AMD: Apply the patch early on every logical thread
   - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
   - x86/xen: Distribute switch variables for initialization (git-fixes).
   - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
   - xen-blkback: prevent premature module unload (git-fixes).
   - xen-netback: correct success/error reporting for the SKB-with-fraglist
     case (git-fixes).
   - xen/balloon: fix balloon kthread freezing (git-fixes).
   - xen/balloon: fix ballooned page accounting without hotplug enabled
   - xen/balloon: fix cancelled balloon action (git-fixes).
   - xen/balloon: use a kernel thread instead a workqueue (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/gntdev: Prevent leaking grants (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen/privcmd: Corrected error handling path (git-fixes).
   - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
   - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
   - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
   - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
   - xen: Fix event channel callback via INTX/GSI (git-fixes).
   - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
   - xenbus: req->body should be updated before req->state (git-fixes).
   - xenbus: req->err should be updated before req->state (git-fixes).
   - xfs: Lower CIL flush limit for large logs (git-fixes).
   - xfs: Throttle commits on delayed background CIL push (git-fixes).
   - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
   - xfs: check owner of dir3 blocks (git-fixes).
   - xfs: factor common AIL item deletion code (git-fixes).
   - xfs: open code insert range extent split helper (git-fixes).
   - xfs: rework collapse range into an atomic operation (git-fixes).
   - xfs: rework insert range into an atomic operation (git-fixes).
   - xfs: tail updates only need to occur when LSN changes (git-fixes).
   - xfs: trylock underlying buffer on dquot flush (git-fixes).
   - xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
   - xhci: Remove device endpoints from bandwidth list when freeing the
     device (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4613=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-4613=1

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-4613=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4613=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4613=1

Package List:

   - openSUSE Leap Micro 5.2 (x86_64):


   - openSUSE Leap 15.3 (noarch):


   - openSUSE Leap 15.3 (x86_64):


   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):


   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):


   - SUSE Linux Enterprise Micro 5.2 (x86_64):


   - SUSE Linux Enterprise Micro 5.1 (x86_64):



More information about the sle-security-updates mailing list