SUSE-SU-2022:4566-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Dec 19 17:25:32 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4566-1
Rating:             important
References:         #1065729 #1071995 #1106594 #1156395 #1164051 
                    #1184350 #1199365 #1200845 #1201455 #1203183 
                    #1203746 #1203860 #1203960 #1204017 #1204142 
                    #1204414 #1204446 #1204631 #1204636 #1204810 
                    #1204850 #1204868 #1204963 #1205006 #1205128 
                    #1205130 #1205220 #1205234 #1205264 #1205473 
                    #1205514 #1205617 #1205671 #1205705 #1205709 
                    #1205796 #1205901 #1205902 #1205903 #1205904 
                    #1205905 #1205906 #1205907 #1205908 #1206032 
                    #1206037 #1206113 #1206114 #1206117 #1206118 
                    #1206119 #1206120 #1206207 #1206213 
Cross-References:   CVE-2022-28693 CVE-2022-3567 CVE-2022-3628
                    CVE-2022-3635 CVE-2022-3643 CVE-2022-3903
                    CVE-2022-4095 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42328 CVE-2022-42329 CVE-2022-42895
                    CVE-2022-42896 CVE-2022-4378 CVE-2022-43945
                    CVE-2022-45934
CVSS scores:
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 38 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:


   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-42328: Guests could trigger denial of service via the netback
     driver (bsc#1206114).
   - CVE-2022-42329: Guests could trigger denial of service via the netback
     driver (bsc#1206113).
   - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
     netback driver (bsc#1206113).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
     (bsc#1205128).
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).

   The following non-security bugs were fixed:

   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017, bsc#1205617).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017,
     bsc#1205617).
   - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
     (git-fixes).
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
     (git-fixes).
   - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
     (git-fixes).
   - FDDI: defxx: Make MMIO the configuration default except for EISA
     (git-fixes).
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
   - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
   - KVM: s390: Fix handle_sske page fault handling (git-fixes).
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
   - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
     (git-fixes).
   - KVM: s390: reduce number of IO pins to 1 (git-fixes).
   - KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
   - KVM: s390: split kvm_s390_real_to_abs (git-fixes).
   - KVM: s390x: fix SCK locking (git-fixes).
   - NIU: fix incorrect error return, missed in previous revert (git-fixes).
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
     (bsc#1204446).
   - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
     topology (bsc#1199365).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
   - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
   - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Make the code arch neutral by adding arch specific interfaces
     (bsc#1200845).
   - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
   - PCI: hv: Remove bus device removal unused refcount/functions
     (bsc#1204446).
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Support for create interrupt v3 (git-fixes).
   - PCI: hv: Use struct_size() helper (bsc#1204446).
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - PM: hibernate: fix sparse warnings (git-fixes).
   - Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
   - add missing bug reference to a hv_netvsc patch file (bsc#1204850).
   - always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
   - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
   - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
   - bfq: Update cgroup information before merging bio (git-fixes).
   - blk-mq: add callback of .cleanup_rq (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
   - block: Add a helper to validate the block size (git-fixes).
   - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
     nowait (git-fixes).
   - block: do not delete queue kobject before its children (git-fixes).
   - block: respect queue limit of max discard segment (git-fixes).
   - block: rsxx: select CONFIG_CRC32 (git-fixes).
   - block: use "unsigned long" for blk_validate_block_size() (git-fixes).
   - bnxt_en: Clean up completion ring page arrays completely (git-fixes).
   - bnxt_en: Do not use static arrays for completion ring pages (git-fixes).
   - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
     (git-fixes).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bnxt_en: Free context memory after disabling PCI in probe error path
     (git-fixes).
   - bnxt_en: Increase maximum RX ring size if jumbo ring is not used
     (git-fixes).
   - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - ceph: check availability of mds cluster on mount after wait timeout
     (bsc#1205903).
   - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905).
   - ceph: fix fscache invalidation (bsc#1205907).
   - ceph: fix potential race in ceph_check_caps (bsc#1205906).
   - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908).
   - ceph: return -EINVAL if given fsc mount option on kernel w/o support
     (bsc#1205902).
   - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
     (bsc#1205901).
   - ceph: return ceph_mdsc_do_request() errors from __get_parent()
     (bsc#1205904).
   - cuse: prevent clone (bsc#1206120).
   - cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm mpath: remove harmful bio-based optimization (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm raid: fix address sanitizer warning in raid_resume (git-fixes).
   - dm raid: fix address sanitizer warning in raid_status (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
     (git-fixes).
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - floppy: Fix hang in watchdog when disk is ejected (git-fixes).
   - ftrace: Fix char print issue in print_ip_ins() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - fuse: do not check refcount after stealing page (bsc#1206119).
   - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118).
   - fuse: use READ_ONCE on congestion_threshold and max_background
     (bsc#1206117).
   - gianfar: Disable EEE autoneg by default (git-fixes).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
   - hv_netvsc: Cache the current data path to avoid duplicate call and
     message (bsc#1204017).
   - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
   - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (git-fixes).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (bsc#1204017).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt
     (bsc#1204017).
   - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive()
     (bsc#1204017).
   - hv_netvsc: Sync offloading features to VF NIC (git-fixes).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - i40e: Fix kernel crash during module removal (git-fixes).
   - i40e: Fix reset path while removing the driver (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - ice: Increase control queue timeout (git-fixes).
   - igb: Fix position of assignment to *ring (git-fixes).
   - igc: Fix use-after-free error during reset (git-fixes).
   - igc: change default return of igc_read_phy_reg() (git-fixes).
   - ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
   - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - kprobes/x86/xen: blacklist non-attachable xen interrupt functions
     (git-fixes).
   - livepatch: Add a missing newline character in klp_module_coming()
     (bsc#1071995).
   - livepatch: fix race between fork and KLP transition (bsc#1071995).
   - macsec: check return value of skb_to_sgvec always (git-fixes).
   - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
     (git-fixes).
   - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
   - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
     (git-fixes).
   - media: ite-cir: IR receiver stop working after receive overflow
     (git-fixes).
   - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix
     (git-fixes).
   - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes).
   - media: mceusb: do not read data parameters unless required (git-fixes).
   - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug
     messages (git-fixes).
   - media: mceusb: sanity check for prescaler value (git-fixes).
   - media: mceusb: sporadic RX truncation corruption fix (git-fixes).
   - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes).
   - module: change to print useful messages from elf_validity_check()
     (git-fixes).
   - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
   - module: harden ELF info handling (git-fixes).
   - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
   - nbd: do not update block size after device is started (git-fixes).
   - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode
     (git-fixes).
   - net/mlx5: Fix flow table chaining (git-fixes).
   - net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
   - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
   - net: aquantia: Fix actual speed capabilities reporting (git-fixes).
   - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes).
   - net: ethernet: arc: fix error handling in emac_rockchip_probe
     (git-fixes).
   - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and
     allmulti disabled (git-fixes).
   - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes).
   - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
   - net: hns3: check vlan id before using it (git-fixes).
   - net: hns3: disable sriov before unload hclge layer (git-fixes).
   - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
   - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
   - net: hns3: fix kernel crash when unload VF while it is being reset
     (git-fixes).
   - net: hns3: reset DWRR of unused tc to zero (git-fixes).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
   - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
   - net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
   - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
   - net: moxa: fix UAF in moxart_mac_probe (git-fixes).
   - net: natsemi: Fix missing pci_disable_device() in probe and remove
     (git-fixes).
   - net: netvsc: remove break after return (git-fixes).
   - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
   - net: qcom/emac: fix UAF in emac_remove (git-fixes).
   - net: smsc911x: Fix unload crash when link is up (git-fixes).
   - net: ti: fix UAF in tlan_remove_one (git-fixes).
   - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes).
   - nfsd: set the server_scope during service startup (bsc#1203746).
   - null_blk: Fix the null_add_dev() error path (git-fixes).
   - null_blk: fix ida error handling in null_add_dev() (git-fixes).
   - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - ptp: dp83640: do not define PAGE0 (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
   - ring-buffer: Allow splice to read previous partially read pages
     (git-fixes).
   - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
     (git-fixes).
   - ring-buffer: Check pending waiters when doing wake ups as well
     (git-fixes).
   - ring-buffer: Fix race between reset page and reading page (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
   - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
   - s390/cpcmd: fix inline assembly register clobbering (git-fixes).
   - s390/crash: fix incorrect number of bytes to copy to user space
     (git-fixes).
   - s390/crash: make copy_oldmem_page() return number of bytes copied
     (git-fixes).
   - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
   - s390/ctcm: fix potential memory leak (git-fixes).
   - s390/ctcm: fix variable dereferenced before check (git-fixes).
   - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
     (git-fixes).
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
     (git-fixes).
   - s390/lcs: fix variable dereferenced before check (git-fixes).
   - s390/mcck: fix invalid KVM guest condition check (git-fixes).
   - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
     (git-fixes).
   - s390/mm: use non-quiescing sske for KVM switch to keyed guest
     (git-fixes).
   - s390/module: fix loading modules with a lot of relocations (git-fixes).
   - s390/nmi: handle guarded storage validity failures for KVM guests
     (git-fixes).
   - s390/nmi: handle vector validity failures for KVM guests (git-fixes).
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
   - s390/pkey: fix paes selftest failure with paes and pkey static build
     (git-fixes).
   - s390/pv: fix the forcing of the swiotlb (git-fixes).
   - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
   - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
   - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742).
   - s390/qeth: Fix error handling during VNICC initialization (git-fixes).
   - s390/qeth: Fix initialization of vnicc cmd masks during set online
     (git-fixes).
   - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
   - s390/qeth: do not defer close_dev work during recovery (bsc#1206213
     LTC#200742).
   - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
   - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742).
   - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes).
   - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
   - s390/qeth: fix notification for pending buffers during teardown
     (git-fixes).
   - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742).
   - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
   - s390/qeth: vnicc Fix init to default (git-fixes).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (git-fixes).
   - s390/zcore: fix race when reading from hardware system area (git-fixes).
   - s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
   - s390: appldata depends on PROC_SYSCTL (git-fixes).
   - s390: define get_cycles macro for arch-override (git-fixes).
   - s390: fix nospec table alignments (git-fixes).
   - sbitmap: fix possible io hung due to lost wakeup (git-fixes).
   - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
     (git-fixes).
   - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
   - scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
   - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
   - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
     (bsc#1204963).
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
     (bsc#1204017).
   - scsi: storvsc: Fix validation for unsolicited incoming packets
     (bsc#1204017).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
     (bsc#1204017).
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
     (git-fixes).
   - scsi: zfcp: Fix missing auto port scan and thus missing target ports
     (git-fixes).
   - selftests/livepatch: better synchronize test_klp_callbacks_busy
     (bsc#1071995).
   - sfp: fix RX_LOS signal handling (git-fixes).
   - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes).
   - sunrpc: Re-purpose trace_svc_process (bsc#1205006).
   - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
   - tracing: Disable interrupt or preemption before acquiring
     arch_spinlock_t (git-fixes).
   - tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
   - tracing: Simplify conditional compilation code in tracing_set_tracer()
     (git-fixes).
   - tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
   - tracing: Wake up waiters when tracing is disabled (git-fixes).
   - tulip: windbond-840: Fix missing pci_disable_device() in probe and
     remove (git-fixes).
   - usb: chipidea: udc: check request status before setting device address
     (git-fixes).
   - usb: musb: Fix suspend with devices connected for a64 (git-fixes).
   - vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
   - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
   - virtio-blk: Use blk_validate_block_size() to validate block size
     (git-fixes).
   - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
   - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
   - virtio_net: move tx vq operation under tx queue lock (git-fixes).
   - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
     (git-fixes).
   - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
   - x86/microcode/AMD: Apply the patch early on every logical thread
     (bsc#1205264).
   - x86/xen: Distribute switch variables for initialization (git-fixes).
   - x86/xen: Return from panic notifier (git-fixes).
   - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
   - xen-blkback: prevent premature module unload (git-fixes).
   - xen-netback: correct success/error reporting for the SKB-with-fraglist
     case (git-fixes).
   - xen-netfront: remove warning when unloading module (git-fixes).
   - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes).
   - xen/balloon: fix balloon kthread freezing (git-fixes).
   - xen/balloon: fix ballooned page accounting without hotplug enabled
     (git-fixes).
   - xen/balloon: fix cancelled balloon action (git-fixes).
   - xen/balloon: use a kernel thread instead a workqueue (git-fixes).
   - xen/blkback: fix memory leaks (git-fixes).
   - xen/efi: Set nonblocking callbacks (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes).
   - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/gntdev: Prevent leaking grants (git-fixes).
   - xen/grant-table: Use put_page instead of free_page (git-fixes).
   - xen/pciback: Check dev_data before using it (git-fixes).
   - xen/pciback: remove set but not used variable 'old_state' (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen/scsiback: add error handling for xenbus_printf (git-fixes).
   - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
   - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
     (git-fixes).
   - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
   - xen: Fix event channel callback via INTX/GSI (git-fixes).
   - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
   - xen: add error handling for xenbus_printf (git-fixes).
   - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
   - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
     (git-fixes).
   - xen: xenbus: use put_device() instead of kfree() (git-fixes).
   - xenbus: req->body should be updated before req->state (git-fixes).
   - xenbus: req->err should be updated before req->state (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4566=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4566=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4566=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-extra-4.12.14-122.144.1
      kernel-default-extra-debuginfo-4.12.14-122.144.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.144.1
      kernel-obs-build-debugsource-4.12.14-122.144.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.144.1
      kernel-default-base-4.12.14-122.144.1
      kernel-default-base-debuginfo-4.12.14-122.144.1
      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-devel-4.12.14-122.144.1
      kernel-syms-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.144.1
      kernel-macros-4.12.14-122.144.1
      kernel-source-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.144.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.144.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      kernel-default-kgraft-4.12.14-122.144.1
      kernel-default-kgraft-devel-4.12.14-122.144.1
      kgraft-patch-4_12_14-122_144-default-1-8.5.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.144.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.144.1
      dlm-kmp-default-4.12.14-122.144.1
      dlm-kmp-default-debuginfo-4.12.14-122.144.1
      gfs2-kmp-default-4.12.14-122.144.1
      gfs2-kmp-default-debuginfo-4.12.14-122.144.1
      kernel-default-debuginfo-4.12.14-122.144.1
      kernel-default-debugsource-4.12.14-122.144.1
      ocfs2-kmp-default-4.12.14-122.144.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.144.1


References:

   https://www.suse.com/security/cve/CVE-2022-28693.html
   https://www.suse.com/security/cve/CVE-2022-3567.html
   https://www.suse.com/security/cve/CVE-2022-3628.html
   https://www.suse.com/security/cve/CVE-2022-3635.html
   https://www.suse.com/security/cve/CVE-2022-3643.html
   https://www.suse.com/security/cve/CVE-2022-3903.html
   https://www.suse.com/security/cve/CVE-2022-4095.html
   https://www.suse.com/security/cve/CVE-2022-41850.html
   https://www.suse.com/security/cve/CVE-2022-41858.html
   https://www.suse.com/security/cve/CVE-2022-42328.html
   https://www.suse.com/security/cve/CVE-2022-42329.html
   https://www.suse.com/security/cve/CVE-2022-42895.html
   https://www.suse.com/security/cve/CVE-2022-42896.html
   https://www.suse.com/security/cve/CVE-2022-4378.html
   https://www.suse.com/security/cve/CVE-2022-43945.html
   https://www.suse.com/security/cve/CVE-2022-45934.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1106594
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1164051
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1199365
   https://bugzilla.suse.com/1200845
   https://bugzilla.suse.com/1201455
   https://bugzilla.suse.com/1203183
   https://bugzilla.suse.com/1203746
   https://bugzilla.suse.com/1203860
   https://bugzilla.suse.com/1203960
   https://bugzilla.suse.com/1204017
   https://bugzilla.suse.com/1204142
   https://bugzilla.suse.com/1204414
   https://bugzilla.suse.com/1204446
   https://bugzilla.suse.com/1204631
   https://bugzilla.suse.com/1204636
   https://bugzilla.suse.com/1204810
   https://bugzilla.suse.com/1204850
   https://bugzilla.suse.com/1204868
   https://bugzilla.suse.com/1204963
   https://bugzilla.suse.com/1205006
   https://bugzilla.suse.com/1205128
   https://bugzilla.suse.com/1205130
   https://bugzilla.suse.com/1205220
   https://bugzilla.suse.com/1205234
   https://bugzilla.suse.com/1205264
   https://bugzilla.suse.com/1205473
   https://bugzilla.suse.com/1205514
   https://bugzilla.suse.com/1205617
   https://bugzilla.suse.com/1205671
   https://bugzilla.suse.com/1205705
   https://bugzilla.suse.com/1205709
   https://bugzilla.suse.com/1205796
   https://bugzilla.suse.com/1205901
   https://bugzilla.suse.com/1205902
   https://bugzilla.suse.com/1205903
   https://bugzilla.suse.com/1205904
   https://bugzilla.suse.com/1205905
   https://bugzilla.suse.com/1205906
   https://bugzilla.suse.com/1205907
   https://bugzilla.suse.com/1205908
   https://bugzilla.suse.com/1206032
   https://bugzilla.suse.com/1206037
   https://bugzilla.suse.com/1206113
   https://bugzilla.suse.com/1206114
   https://bugzilla.suse.com/1206117
   https://bugzilla.suse.com/1206118
   https://bugzilla.suse.com/1206119
   https://bugzilla.suse.com/1206120
   https://bugzilla.suse.com/1206207
   https://bugzilla.suse.com/1206213



More information about the sle-updates mailing list