Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:1256-1
Rating:	important
References:	bsc#1189562 bsc#1193738 bsc#1194943 bsc#1195051 bsc#1195254 bsc#1195353 bsc#1196018 bsc#1196114 bsc#1196433 bsc#1196468 bsc#1196488 bsc#1196514 bsc#1196639 bsc#1196761 bsc#1196830 bsc#1196836 bsc#1196942 bsc#1196973 bsc#1197227 bsc#1197331 bsc#1197366 bsc#1197391 bsc#1198031 bsc#1198032 bsc#1198033 jsc#SLE-18234 jsc#SLE-23652
Cross-References:	CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
CVSS scores:	CVE-2021-39713 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0812 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0812 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0850 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26966 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28356 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28388 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28389 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28390 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves 19 vulnerabilities, contains two features and has six security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
• CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
• CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
• CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
• CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
• CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639).
• CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
• CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
• CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
• CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
• CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
• CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
• CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

• ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
• genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
• gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
• net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
• net: tipc: validate domain record count on input (bsc#1195254).
• powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1
• SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1
• SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2022-1256=1
• SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  • kernel-default-livepatch-4.12.14-150100.197.111.1
  • kernel-livepatch-4_12_14-150100_197_111-default-1-150100.3.3.1
  • kernel-default-livepatch-devel-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  • dlm-kmp-default-4.12.14-150100.197.111.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • gfs2-kmp-default-4.12.14-150100.197.111.1
  • ocfs2-kmp-default-4.12.14-150100.197.111.1
  • gfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • dlm-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • cluster-md-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 x86_64)
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (nosrc x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (x86_64)
  • reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • reiserfs-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  • reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • reiserfs-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
  • kernel-zfcpdump-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-man-4.12.14-150100.197.111.1
  • kernel-zfcpdump-debugsource-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
  • kernel-zfcpdump-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  • reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • reiserfs-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE Enterprise Storage 6 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE Enterprise Storage 6 (aarch64 x86_64)
  • reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • reiserfs-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  • kernel-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-devel-4.12.14-150100.197.111.1
• SUSE Enterprise Storage 6 (noarch)
  • kernel-devel-4.12.14-150100.197.111.1
  • kernel-macros-4.12.14-150100.197.111.1
  • kernel-source-4.12.14-150100.197.111.1
• SUSE Enterprise Storage 6 (noarch nosrc)
  • kernel-docs-4.12.14-150100.197.111.1
• SUSE CaaS Platform 4.0 (nosrc x86_64)
  • kernel-default-4.12.14-150100.197.111.1
• SUSE CaaS Platform 4.0 (x86_64)
  • reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
  • kernel-syms-4.12.14-150100.197.111.1
  • kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  • reiserfs-kmp-default-4.12.14-150100.197.111.1
  • kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  • kernel-default-base-4.12.14-150100.197.111.1
  • kernel-obs-build-4.12.14-150100.197.111.1
  • kernel-default-debugsource-4.12.14-150100.197.111.1
  • kernel-obs-build-debugsource-4.12.14-150100.197.