Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:1197-1
Rating:	important
References:	bsc#1179639 bsc#1189562 bsc#1193731 bsc#1194943 bsc#1195051 bsc#1195254 bsc#1195353 bsc#1195403 bsc#1195939 bsc#1196018 bsc#1196196 bsc#1196468 bsc#1196488 bsc#1196761 bsc#1196823 bsc#1196830 bsc#1196836 bsc#1196956 bsc#1197227 bsc#1197331 bsc#1197366 bsc#1197389 bsc#1197462 bsc#1197702 bsc#1197914 bsc#1198031 bsc#1198032 bsc#1198033
Cross-References:	CVE-2021-0920 CVE-2021-39698 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
CVSS scores:	CVE-2021-0920 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0850 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26966 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-27666 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28388 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28389 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28390 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 21 vulnerabilities and has seven security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

• CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
• CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
• CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
• CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
• CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
• CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
• CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
• CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
• CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
• CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
• CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
• CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
• CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373)
• CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
• CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)

The following non-security bugs were fixed:

• ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
• cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
• drm: add a locked version of drm_is_current_master (bsc#1197914).
• drm: drm_file struct kABI compatibility workaround (bsc#1197914).
• drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
• drm: serialize drm_file.master with a new spinlock (bsc#1197914).
• drm: use the lookup lock in drm_is_current_master (bsc#1197914).
• net: tipc: validate domain record count on input (bsc#1195254).
• llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
• net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
• net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
• netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
• powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
• SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
• usb: host: xen-hcd: add missing unlock in error path (git-fixes).
• xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1197=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1197=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1197=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1197=1
• SUSE Linux Enterprise Real Time 15 SP2
  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1197=1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1197=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1197=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1197=1
• SUSE Manager Proxy 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1197=1
• SUSE Manager Retail Branch Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1197=1
• SUSE Manager Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1197=1
• SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2022-1197=1
• SUSE Linux Enterprise Micro 5.0
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1197=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-1-150200.5.5.1
  • kernel-default-livepatch-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-livepatch-5_3_18-150200_24_112-default-1-150200.5.5.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • kernel-livepatch-SLE15-SP2_Update_26-debugsource-1-150200.5.5.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • dlm-kmp-default-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • ocfs2-kmp-default-5.3.18-150200.24.112.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.112.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.112.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.112.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.112.1
  • gfs2-kmp-default-5.3.18-150200.24.112.1
  • cluster-md-kmp-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.112.1
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 x86_64)
  • kernel-obs-build-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • kernel-preempt-devel-5.3.18-150200.24.112.1
  • kernel-preempt-debugsource-5.3.18-150200.24.112.1
  • kernel-default-devel-5.3.18-150200.24.112.1
  • kernel-syms-5.3.18-150200.24.112.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1
  • kernel-obs-build-5.3.18-150200.24.112.1
  • kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.112.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch)
  • kernel-source-5.3.18-150200.24.112.1
  • kernel-macros-5.3.18-150200.24.112.1
  • kernel-devel-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.112.1
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-obs-build-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • kernel-preempt-devel-5.3.18-150200.24.112.1
  • kernel-preempt-debugsource-5.3.18-150200.24.112.1
  • kernel-default-devel-5.3.18-150200.24.112.1
  • kernel-syms-5.3.18-150200.24.112.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1
  • kernel-obs-build-5.3.18-150200.24.112.1
  • kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.112.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-source-5.3.18-150200.24.112.1
  • kernel-macros-5.3.18-150200.24.112.1
  • kernel-devel-5.3.18-150200.24.112.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Real Time 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.112.1
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Real Time 15 SP2 (x86_64)
  • kernel-obs-build-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • kernel-preempt-devel-5.3.18-150200.24.112.1
  • kernel-preempt-debugsource-5.3.18-150200.24.112.1
  • kernel-default-devel-5.3.18-150200.24.112.1
  • kernel-syms-5.3.18-150200.24.112.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1
  • kernel-obs-build-5.3.18-150200.24.112.1
  • kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.112.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Real Time 15 SP2 (noarch)
  • kernel-source-5.3.18-150200.24.112.1
  • kernel-macros-5.3.18-150200.24.112.1
  • kernel-devel-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Real Time 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.112.1
  • kernel-default-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (x86_64)
  • kernel-obs-build-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debugsource-5.3.18-150200.24.112.1
  • kernel-default-debuginfo-5.3.18-150200.24.112.1
  • kernel-preempt-devel-5.3.18-150200.24.112.1
  • kernel-preempt-debugsource-5.3.18-150200.24.112.1
  • kernel-default-devel-5.3.18-150200.24.112.1
  • kernel-syms-5.3.18-150200.24.112.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1
  • kernel-obs-build-5.3.18-150200.24.112.1
  • kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.112.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.112.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (noarch)
  • kernel-source-5.3.18-150200.24.112.1
  • kernel-macros-5.3.18-150200.24.112.1
  • kernel-devel-5.3.18-150200.24.112.1