Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:2723-1
Rating:	important
References:	bsc#1195775 bsc#1195926 bsc#1198484 bsc#1198829 bsc#1200442 bsc#1200598 bsc#1200910 bsc#1201050 bsc#1201429 bsc#1201635 bsc#1201636 bsc#1201926 bsc#1201930 bsc#1201940
Cross-References:	CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946
CVSS scores:	CVE-2020-36557 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36557 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-26341 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-26341 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33655 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-33656 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-20166 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-36946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves eight vulnerabilities and has six security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
• CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
• CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
• CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
• CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
• CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
• CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598).
• CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).

The following non-security bugs were fixed:

• Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
• cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
• cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
• cifs: To match file servers, make sure the server hostname matches (bsc#1201926).
• cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926).
• cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
• cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
• cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926).
• kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type.
• kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists.
• kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
• kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
• pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
• rpm/*.spec.in: remove backtick usage
• rpm/constraints.in: skip SLOW_DISK workers for kernel-source
• rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
• rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
• rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2723=1
• SUSE Linux Enterprise High Availability Extension 15
  zypper in -t patch SUSE-SLE-Product-HA-15-2022-2723=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2723=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2723=1

Package List:

• SUSE Linux Enterprise Live Patching 15 (nosrc)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • kernel-livepatch-4_12_14-150000_150_98-default-1-150000.1.3.1
  • kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-1-150000.1.3.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-livepatch-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • gfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • cluster-md-kmp-default-4.12.14-150000.150.98.1
  • dlm-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • dlm-kmp-default-4.12.14-150000.150.98.1
  • gfs2-kmp-default-4.12.14-150000.150.98.1
  • ocfs2-kmp-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Availability Extension 15 (nosrc)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • kernel-syms-4.12.14-150000.150.98.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
  • kernel-obs-build-4.12.14-150000.150.98.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-devel-4.12.14-150000.150.98.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-4.12.14-150000.150.98.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.98.1
  • kernel-default-base-4.12.14-150000.150.98.1
  • kernel-obs-build-debugsource-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • kernel-devel-4.12.14-150000.150.98.1
  • kernel-macros-4.12.14-150000.150.98.1
  • kernel-source-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.98.2
• SUSE Linux Enterprise Server ESPOS 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • kernel-syms-4.12.14-150000.150.98.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
  • kernel-obs-build-4.12.14-150000.150.98.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-devel-4.12.14-150000.150.98.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-4.12.14-150000.150.98.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.98.1
  • kernel-default-base-4.12.14-150000.150.98.1
  • kernel-obs-build-debugsource-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • kernel-devel-4.12.14-150000.150.98.1
  • kernel-macros-4.12.14-150000.150.98.1
  • kernel-source-4.12.14-150000.150.98.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.98.2
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • kernel-syms-4.12.14-150000.150.98.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
  • kernel-obs-build-4.12.14-150000.150.98.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-devel-4.12.14-150000.150.98.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-4.12.14-150000.150.98.1
  • reiserfs-kmp-default-4.12.14-150000.150.98.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.98.1
  • kernel-default-base-4.12.14-150000.150.98.1
  • kernel-obs-build-debugsource-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • kernel-devel-4.12.14-150000.150.98.1
  • kernel-macros-4.12.14-150000.150.98.1
  • kernel-source-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.98.2
• SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
  • kernel-zfcpdump-4.12.14-150000.150.98.1
  • kernel-vanilla-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • kernel-zfcpdump-debugsource-4.12.14-150000.150.98.1
  • kernel-default-man-4.12.14-150000.150.98.1
  • kernel-zfcpdump-debuginfo-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • kernel-default-debugsource-4.12.14-150000.150.98.1
  • kernel-syms-4.12.14-150000.150.98.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.98.1
  • kernel-obs-build-4.12.14-150000.150.98.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1
  • kernel-default-devel-4.12.14-150000.150.98.1
  • kernel-default-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.98.1
  • kernel-vanilla-base-4.12.14-150000.150.98.1
  • reiserfs-kmp-default-4.12.14-150000.150.98.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.98.1
  • kernel-default-base-4.12.14-150000.150.98.1
  • kernel-obs-build-debugsource-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • kernel-devel-4.12.14-150000.150.98.1
  • kernel-macros-4.12.14-150000.150.98.1
  • kernel-source-4.12.14-150000.150.98.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.98.2
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.98.1

References:

• https://www.suse.com/security/cve/CVE-2020-36557.html
• https://www.suse.com/security/cve/CVE-2020-36558.html
• https://www.suse.com/security/cve/CVE-2021-26341.html
• https://www.suse.com/security/cve/CVE-2021-33655.html
• https://www.suse.com/security/cve/CVE-2021-33656.html
• https://www.suse.com/security/cve/CVE-2022-1462.html
• https://www.suse.com/security/cve/CVE-2022-20166.html
• https://www.suse.com/security/cve/CVE-2022-36946.html
• https://bugzilla.suse.com/show_bug.cgi?id=1195775
• https://bugzilla.suse.com/show_bug.cgi?id=1195926
• https://bugzilla.suse.com/show_bug.cgi?id=1198484
• https://bugzilla.suse.com/show_bug.cgi?id=1198829
• https://bugzilla.suse.com/show_bug.cgi?id=1200442
• https://bugzilla.suse.com/show_bug.cgi?id=1200598
• https://bugzilla.suse.com/show_bug.cgi?id=1200910
• https://bugzilla.suse.com/show_bug.cgi?id=1201050
• https://bugzilla.suse.com/show_bug.cgi?id=1201429
• https://bugzilla.suse.com/show_bug.cgi?id=1201635
• https://bugzilla.suse.com/show_bug.cgi?id=1201636
• https://bugzilla.suse.com/show_bug.cgi?id=1201926
• https://bugzilla.suse.com/show_bug.cgi?id=1201930
• https://bugzilla.suse.com/show_bug.cgi?id=1201940