SUSE-SU-2022:3294-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Sep 16 22:20:07 UTC 2022

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2022:3294-1
Rating:             important
References:         #1133374 #1191881 #1196616 #1201420 #1201726 
                    #1201948 #1202096 #1202346 #1202347 #1202393 
                    #1202897 #1202898 #1203098 #1203107 
Cross-References:   CVE-2019-3900 CVE-2020-36516 CVE-2022-20368
                    CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
                    CVE-2022-26373 CVE-2022-2991 CVE-2022-3028
                    CVE-2022-36879 CVE-2022-39188
CVSS scores:
                    CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
                    CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
                    CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2991 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2991 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL

   An update that solves 11 vulnerabilities and has three
   fixes is now available.


   The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various
   security and bug fixes.

   The following security bugs were fixed:

   - CVE-2022-39188: Fixed a race condition in include/asm-generic/tlb.h where
     a device driver can free a page while it still has stale TLB entries.
   - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
     net/xfrm/xfrm_policy.c where a refcount could be dropped twice.
   - CVE-2022-3028: Fixed a race condition found in the IP framework for
     transforming packets (XFRM subsystem) (bnc#1202898).
   - CVE-2022-2991: Fixed a heap-based overflow in the lightnvm
     implementation (bsc#1201420).
   - CVE-2022-26373: Fixed non-transparent sharing of return predictor
     targets between contexts in some Intel Processors (bnc#1201726).
   - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
   - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
     unprivileged local users to crash the machine (bnc#1202897).
   - CVE-2022-20369: Fixed an out-of-bounds write in v4l2_m2m_querybuf of
     v4l2-mem2mem.c (bnc#1202347).
   - CVE-2022-20368: Fixed a slab-out-of-bounds access in packet_recvmsg().
   - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
     an attacker was able to inject data into or terminate a victim's TCP
     session (bnc#1196616).
   - CVE-2019-3900: Fixed an infinite loop in the vhost_net kernel module that
     could result in a denial of service (bnc#1133374).

   The following non-security bugs were fixed:

   - net_sched: cls_route: Disallowed handle of 0 (bsc#1202393).
   - mm, rmap: Fixed anon_vma->degree ambiguity leading to double-reuse.
   - lightnvm: Removed the lightnvm implementation (bsc#1191881).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended installation
   methods such as YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3294=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):


   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):


