Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:1163-1
Rating:	important
References:	bsc#1065729 bsc#1156395 bsc#1175667 bsc#1177028 bsc#1178134 bsc#1179639 bsc#1180153 bsc#1189562 bsc#1194589 bsc#1194625 bsc#1194649 bsc#1194943 bsc#1195051 bsc#1195353 bsc#1195640 bsc#1195926 bsc#1196018 bsc#1196130 bsc#1196196 bsc#1196478 bsc#1196488 bsc#1196761 bsc#1196823 bsc#1196956 bsc#1197227 bsc#1197243 bsc#1197245 bsc#1197300 bsc#1197302 bsc#1197331 bsc#1197343 bsc#1197366 bsc#1197389 bsc#1197460 bsc#1197462 bsc#1197501 bsc#1197534 bsc#1197661 bsc#1197675 bsc#1197677 bsc#1197702 bsc#1197811 bsc#1197812 bsc#1197815 bsc#1197817 bsc#1197819 bsc#1197820 bsc#1197888 bsc#1197889 bsc#1197894 bsc#1198027 bsc#1198028 bsc#1198029 bsc#1198030 bsc#1198031 bsc#1198032 bsc#1198033 bsc#1198077
Cross-References:	CVE-2021-39698 CVE-2021-45402 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-27223 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
CVSS scores:	CVE-2021-39698 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45402 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2021-45402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45868 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0850 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1195 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23036 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27223 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-27223 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-27666 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28388 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28389 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28390 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.3 Public Cloud Module 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves 25 vulnerabilities and has 33 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
CVE-2022-27223: Fixed an out-of-array access in /usb/gadget/udc/udc-xilinx.c. (bsc#1197245)
CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
CVE-2021-45402: Fixed a pointer leak in check_alu_op() of kernel/bpf/verifier.c. (bsc#1196130).
CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)

The following non-security bugs were fixed:

ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
ACPI: APEI: fix return value of __setup handlers (git-fixes).
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
ALSA: spi: Add check for clk_enable() (git-fixes).
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
ASoC: fsi: Add check for clk_enable (git-fixes).
ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
ASoC: SOF: topology: remove redundant code (git-fixes).
ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
ASoC: topology: Allow TLV control to be either read or write (git-fixes).
ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
block: update io_ticks when io hang (bsc#1197817).
block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
can: mcba_usb: properly check endpoint type (git-fixes).
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
cifs: do not skip link targets when an I/O fails (bsc#1194625).
cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
clk: bcm2835: Remove unused variable (git-fixes).
clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
clk: Initialize orphan req_rate (git-fixes).
clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
clk: nxp: Remove unused variable (git-fixes).
clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
clk: uniphier: Fix fixed-rate initialization (git-fixes).
clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
crypto: qat - do not cast parameter in bit operations (git-fixes).
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
crypto: vmx - add missing dependencies (git-fixes).
dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
driver core: dd: fix return value of __setup handler (git-fixes).
drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
drm/doc: overview before functions for drm_writeback.c (git-fixes).
drm/i915: Fix dbuf slice config lookup (git-fixes).
drm/i915/gem: add missing boundary check in vm_access (git-fixes).
drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).