Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:0068-1
Rating: important
References: #1114648 #1124431 #1167162 #1169514 #1172073 #1179599 #1183678 #1183897 #1184804 #1185727 #1185762 #1187167 #1189126 #1189158 #1189305 #1189841 #1190317 #1190358 #1190428 #1191229 #1191384 #1191731 #1191876 #1192032 #1192145 #1192267 #1192740 #1192845 #1192847 #1192866 #1192877 #1192946 #1192974 #1193231 #1193306 #1193318 #1193440 #1193442 #1193575 #1193731 #1194087 #1194094
Cross-References:CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP5
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise High Availability 12-SP5

An update that solves 16 vulnerabilities and has 26 fixes is now available.

Description:


The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:

  • CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
  • CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
  • CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032)
  • CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
  • CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. (bsc#1193731)
  • CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
  • CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087)
  • CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
  • CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
  • CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
  • CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
  • CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
  • CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
  • CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847)
  • CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
  • CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)

The following non-security bugs were fixed:
  • blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  • cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1190317).
  • cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1190317).
  • cifs: convert list_for_each to entry variant (jsc#SLE-20656).
  • cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317).
  • cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1190317).
  • cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317).
  • cifs: Fix a potencially linear read overflow (git-fixes).
  • cifs: fix a sign extension bug (git-fixes).
  • cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317).
  • cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317).
  • cifs: fix missed refcounting of ipc tcon (git-fixes).
  • cifs: fix potential use-after-free bugs (jsc#SLE-20656).
  • cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656).
  • cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317).
  • cifs: for compound requests, use open handle if possible (bsc#1190317).
  • cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
  • cifs: move to generic async completion (bsc#1190317).
  • cifs: nosharesock should be set on new server (git-fixes).
  • cifs: nosharesock should not share socket with future sessions (bsc#1190317).
  • cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
  • cifs: properly invalidate cached root handle when closing it (bsc#1190317).
  • cifs: release lock earlier in dequeue_mid error case (bsc#1190317).
  • cifs: set a minimum of 120s for next dns resolution (bsc#1190317).
  • cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317).
  • cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
  • cifs: support nested dfs links over reconnect (jsc#SLE-20656).
  • cifs: support share failover when remounting (jsc#SLE-20656).
  • cifs: To match file servers, make sure the server hostname matches (bsc#1190317).
  • config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64.
  • constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
  • cred: allow get_cred() and put_cred() to be given NULL (git-fixes).
  • EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
  • elfcore: correct reference to CONFIG_UML (git-fixes).
  • elfcore: fix building with clang (bsc#1169514).
  • fuse: release pipe buf after last use (bsc#1193318).
  • genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
  • genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
  • genirq: Remove mask argument from setup_affinity() (bsc#1193231).
  • genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231).
  • genirq: Split out irq_startup() code (bsc#1193231).
  • lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
  • md: fix a lock order reversal in md_alloc (git-fixes).
  • net: hso: fix control-request directions (git-fixes).
  • net: hso: fix muxed tty registration (git-fixes).
  • net: lan78xx: fix division by zero in send path (git-fixes).
  • net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727).
  • net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185727).
  • net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727).
  • net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
  • net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
  • net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727).
  • net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
  • net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes).
  • nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
  • nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
  • nvme-fc: avoid race between time out and tear down (bsc#1185762).
  • nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
  • nvme-fc: update hardware queues before using them (bsc#1185762).
  • nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678).
  • nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
  • objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
  • platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
  • platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
  • pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
  • rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
  • scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
  • scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
  • scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
  • scsi: lpfc: Add additional debugfs support for CMF (bsc1192145).
  • scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145).
  • scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145).
  • scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145).
  • scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145).
  • scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145).
  • scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
  • scsi: lpfc: Fix NPIV port deletion crash (bsc1192145).
  • scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145).
  • scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145).
  • scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
  • scsi: qla2xxx: edif: Fix app start delay (git-fixes).
  • scsi: qla2xxx: edif: Fix app start fail (git-fixes).
  • scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
  • scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes).
  • scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes).
  • scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
  • scsi: qla2xxx: Fix gnl list corruption (git-fixes).
  • scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes).
  • scsi: qla2xxx: Format log strings only if needed (git-fixes).
  • scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
  • smb3: add additional null check in SMB2_ioctl (bsc#1190317).
  • smb3: add additional null check in SMB2_open (bsc#1190317).
  • smb3: add additional null check in SMB2_tcon (bsc#1190317).
  • smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317).
  • smb3: correct smb3 ACL security descriptor (bsc#1190317).
  • smb3: do not error on fsync when readonly (bsc#1190317).
  • smb3: remove trivial dfs compile warning (jsc#SLE-20656).
  • SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866).
  • SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866).
  • tracing: Check pid filtering when creating events (git-fixes).
  • tracing: Fix pid filtering when triggers are attached (git-fixes).
  • tty: hvc: replace BUG_ON() with negative return value (git-fixes).
  • usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
  • usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
  • usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
  • usb: serial: option: add prod. id for Quectel EG91 (git-fixes).
  • usb: serial: option: add Quectel EC200S-CN module support (git-fixes).
  • usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
  • usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
  • usb: serial: qcserial: add EM9191 QDL support (git-fixes).
  • x86/msi: Force affinity setup before startup (bsc#1193231).
  • x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648).
  • x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648).
  • x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648).
  • x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
  • xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
  • xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
  • xen/blkfront: do not trust the backend response data blindly (git-fixes).
  • xen/blkfront: read response from backend only once (git-fixes).
  • xen/netfront: disentangle tx_skb_freelist (git-fixes).
  • xen/netfront: do not read data from request on the ring page (git-fixes).
  • xen/netfront: do not trust the backend response data blindly (git-fixes).
  • xen/netfront: read response from backend only once (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2022-68=1
  • SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-68=1
  • SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-68=1
  • SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-68=1
  • SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2022-68=1

Package List:

  • SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    • kernel-default-debuginfo-4.12.14-122.106.1
    • kernel-default-debugsource-4.12.14-122.106.1
    • kernel-default-extra-4.12.14-122.106.1
    • kernel-default-extra-debuginfo-4.12.14-122.106.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • kernel-obs-build-4.12.14-122.106.1
    • kernel-obs-build-debugsource-4.12.14-122.106.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
    • kernel-docs-4.12.14-122.106.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • kernel-default-4.12.14-122.106.1
    • kernel-default-base-4.12.14-122.106.1
    • kernel-default-base-debuginfo-4.12.14-122.106.1
    • kernel-default-debuginfo-4.12.14-122.106.1
    • kernel-default-debugsource-4.12.14-122.106.1
    • kernel-default-devel-4.12.14-122.106.1
    • kernel-syms-4.12.14-122.106.1
  • SUSE Linux Enterprise Server 12-SP5 (x86_64):
    • kernel-default-devel-debuginfo-4.12.14-122.106.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • kernel-devel-4.12.14-122.106.1
    • kernel-macros-4.12.14-122.106.1
    • kernel-source-4.12.14-122.106.1
  • SUSE Linux Enterprise Server 12-SP5 (s390x):
    • kernel-default-man-4.12.14-122.106.1
  • SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-122.106.1
    • kernel-default-debugsource-4.12.14-122.106.1
    • kernel-default-kgraft-4.12.14-122.106.1
    • kernel-default-kgraft-devel-4.12.14-122.106.1
    • kgraft-patch-4_12_14-122_106-default-1-8.3.1
  • SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
    • cluster-md-kmp-default-4.12.14-122.106.1
    • cluster-md-kmp-default-debuginfo-4.12.14-122.106.1
    • dlm-kmp-default-4.12.14-122.106.1
    • dlm-kmp-default-debuginfo-4.12.14-122.106.1
    • gfs2-kmp-default-4.12.14-122.106.1
    • gfs2-kmp-default-debuginfo-4.12.14-122.106.1
    • kernel-default-debuginfo-4.12.14-122.106.1
    • kernel-default-debugsource-4.12.14-122.106.1
    • ocfs2-kmp-default-4.12.14-122.106.1
    • ocfs2-kmp-default-debuginfo-4.12.14-122.106.1

References: