SUSE-SU-2022:3422-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Sep 27 10:19:42 UTC 2022
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3422-1
Rating: important
References: #1054914 #1065729 #1120716 #1179310 #1190397
#1191881 #1194535 #1197158 #1199617 #1201264
#1201420 #1201442 #1201610 #1201726 #1201948
#1202017 #1202096 #1202097 #1202346 #1202347
#1202393 #1202396 #1202528 #1202577 #1202672
#1202830 #1202897 #1202898 #1203013 #1203098
#1203107 #1203126
Cross-References: CVE-2021-4203 CVE-2022-20368 CVE-2022-20369
CVE-2022-21385 CVE-2022-2588 CVE-2022-26373
CVE-2022-2663 CVE-2022-2977 CVE-2022-3028
CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 21 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly matches the
message (bnc#1202097).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
The following non-security bugs were fixed:
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264
bsc#1190397 bsc#1199617).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442)
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set" (git-fixes).
- Revert "r8152: adjust the settings about MAC clock speed down for
RTL8153" (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- btrfs: add a trace class for dumping the current ENOSPC state
(bsc#1202528).
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1202528).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1202528).
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1202528).
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- btrfs: improve preemptive background space flushing (bsc#1202528).
- btrfs: include delalloc related info in dump space info tracepoint
(bsc#1202528).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int
(bsc#1202528).
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1202528).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- btrfs: rip out may_commit_transaction (bsc#1202528).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets
(bsc#1202528).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1202528).
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc
(bsc#1202528).
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt
(bsc#1202528).
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking
(bsc#1202528).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1202528).
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- ceph: do not truncate file in atomic_open (bsc#1202830).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- check sk_peer_cred pointer before put_cred() call
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes).
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- fuse: limit nsec (bsc#1203126).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- kabi/severities: add mlx5 internal symbols
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mvpp2: fix panic on module removal (git-fixes).
- mvpp2: refactor the HW checksum setup (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Fix auto group size calculation (git-fixes).
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- net: emaclite: Simplify if-else statements (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls
(git-fixes).
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
(git-fixes).
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- net: ll_temac: Fix support for little-endian platforms (git-fixes).
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop
profiles (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- phy: tegra: fix device-tree node lookups (git-fixes).
- powerpc/perf: Add privileged access check for thread_imc (bsc#1054914,
git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914,
git-fixes).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914,
git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- scsi: smartpqi: set force_blk_mq=1.(bsc#1179310)
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes).
- squashfs: add more sanity checks in inode lookup (git-fixes).
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
(git-fixes).
- tracing/perf: Use strndup_user() instead of buggy open-coded version
(git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename
(git-fixes).
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: always free inline data before resetting inode fork during ifree
(bsc#1202017).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xprtrdma: Fix trace point use-after-free race (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2022-3422=1
Package List:
- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.100.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.100.1
dlm-kmp-rt-4.12.14-10.100.1
dlm-kmp-rt-debuginfo-4.12.14-10.100.1
gfs2-kmp-rt-4.12.14-10.100.1
gfs2-kmp-rt-debuginfo-4.12.14-10.100.1
kernel-rt-4.12.14-10.100.1
kernel-rt-base-4.12.14-10.100.1
kernel-rt-base-debuginfo-4.12.14-10.100.1
kernel-rt-debuginfo-4.12.14-10.100.1
kernel-rt-debugsource-4.12.14-10.100.1
kernel-rt-devel-4.12.14-10.100.1
kernel-rt-devel-debuginfo-4.12.14-10.100.1
kernel-rt_debug-4.12.14-10.100.1
kernel-rt_debug-debuginfo-4.12.14-10.100.1
kernel-rt_debug-debugsource-4.12.14-10.100.1
kernel-rt_debug-devel-4.12.14-10.100.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.100.1
kernel-syms-rt-4.12.14-10.100.1
ocfs2-kmp-rt-4.12.14-10.100.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.100.1
- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.100.1
kernel-source-rt-4.12.14-10.100.1
References:
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1054914
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1120716
https://bugzilla.suse.com/1179310
https://bugzilla.suse.com/1190397
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1199617
https://bugzilla.suse.com/1201264
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202017
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202528
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202830
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203013
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203126
More information about the sle-security-updates
mailing list