Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:2080-1
Rating: important
References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1162338 #1162369 #1173871 #1188885 #1194124 #1195612 #1195651 #1196426 #1196570 #1197219 #1197601 #1198438 #1198577 #1198899 #1198989 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199505 #1199507 #1199526 #1199602 #1199605 #1199606 #1199631 #1199650 #1199671 #1199839 #1200015 #1200045 #1200057 #1200143 #1200144 #1200173 #1200249
Cross-References:CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-24448 CVE-2022-30594
Affected Products:
  • SUSE Linux Enterprise Server 12-SP5

An update that solves 18 vulnerabilities and has 27 fixes is now available.

Description:


The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:

  • CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  • CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
  • CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
  • CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
  • CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
  • CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
  • CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
  • CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
  • CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
  • CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
  • CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
  • CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed:
  • ACPI: property: Release subnode properties with data nodes (git-fixes).
  • ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
  • arm64: set plt* section addresses to 0x0 (git-fixes)
  • arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes)
  • arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
  • arm64: avoid -Woverride-init warning (git-fixes)
  • arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too.
  • arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
  • arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes).
  • arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
  • arm64: compat: Reduce address limit (git-fixes)
  • arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
  • arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
  • arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
  • arm64: csum: Fix handling of bad packets (git-fixes)
  • arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes)
  • arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
  • arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
  • arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
  • arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
  • arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
  • arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
  • arm64: Fix size of __early_cpu_boot_status (git-fixes)
  • arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
  • arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
  • arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
  • arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes)
  • arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
  • arm64: hibernate: check pgd table allocation (git-fixes)
  • arm64: hugetlb: avoid potential NULL dereference (git-fixes)
  • arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
  • arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
  • arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
  • arm64: kgdb: Fix single-step exception handling oops (git-fixes)
  • arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
  • arm64: module: remove (NOLOAD) from linker script (git-fixes)
  • arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
  • arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
  • arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
  • arm64: Relax GIC version check during early boot (git-fixes)
  • arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
  • arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
  • arm64: smp: fix smp_send_stop() behaviour (git-fixes)
  • arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
  • arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
  • arm64: handle non-remapped addresses in ->mmap and (git-fixes)
  • arm64: avoid fixmap race condition when create pud mapping (git-fixes)
  • bonding: pair enable_port with slave_arr_updates (git-fixes).
  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  • cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
  • cputime, cpuacct: Include guest time in user time in (git-fixes)
  • crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
  • crypto: ixp4xx - dma_unmap the correct address (git-fixes).
  • crypto: qat - do not cast parameter in bit operations (git-fixes).
  • crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601).
  • crypto: virtio - deal with unsupported input sizes (git-fixes).
  • crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
  • drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
  • drbd: Fix five use after free bugs in get_initial_state (git-fixes).
  • drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
  • drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
  • i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
  • i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
  • i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes).
  • i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
  • i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
  • i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes).
  • i40e: Remove scheduling while atomic possibility (git-fixes).
  • iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
  • Input: aiptek - properly check endpoint type (git-fixes).
  • Input: appletouch - initialize work before device registration (git-fixes).
  • Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
  • Input: spaceball - fix parsing of movement data packets (git-fixes).
  • Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
  • Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
  • Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  • KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
  • KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
  • KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes).
  • lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline.
  • lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
  • media: cpia2: fix control-message timeouts (git-fixes).
  • media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
  • media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
  • media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
  • media: em28xx: fix control-message timeouts.
  • media: flexcop-usb: fix control-message timeouts (git-fixes).
  • media: mceusb: fix control-message timeouts (git-fixes).
  • media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
  • media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
  • media: pvrusb2: fix control-message timeouts (git-fixes).
  • media: redrat3: fix control-message timeouts (git-fixes).
  • media: s2255: fix control-message timeouts (git-fixes).
  • media: stk1160: fix control-message timeouts (git-fixes).
  • media: vim2m: Remove surplus name initialization (git-fixes).
  • mm, page_alloc: fix build_zonerefs_node() (git-fixes).
  • net: bcmgenet: Do not claim WOL when its not available (git-fixes).
  • net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  • net: mana: Add counter for XDP_TX (bsc#1195651).
  • net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  • net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
  • net: mana: Reuse XDP dropped page (bsc#1195651).
  • net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
  • net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes).
  • net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes).
  • netfilter: conntrack: connection timeout after re-register (bsc#1199035).
  • netfilter: conntrack: move synack init code to helper (bsc#1199035).
  • netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
  • netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
  • netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
  • netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015).
  • NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
  • NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
  • PCI / ACPI: Mark expected switch fall-through (git-fixes).
  • PCI: Do not enable AtomicOps on VFs (bsc#1129770)
  • PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
  • powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
  • powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
  • powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
  • powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329).
  • powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
  • powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
  • qed: display VF trust config (git-fixes).
  • qed: return status of qed_iov_get_link (git-fixes).
  • qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
  • revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
  • sched/core: Add __sched tag for io_schedule() (git-fixes)
  • sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
  • sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
  • scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
  • scsi: fnic: Fix a tracing statement (git-fixes).
  • scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
  • scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
  • scsi: pm8001: Fix abort all task initialization (git-fixes).
  • scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
  • scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
  • scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
  • scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
  • scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
  • scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
  • scsi: sr: Do not leak information in ioctl (git-fixes).
  • scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes).
  • scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
  • smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
  • SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
  • SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
  • timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
  • tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
  • USB: cdc-wdm: fix reading stuck on device close (git-fixes).
  • USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
  • USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
  • USB: hub: Fix locking issues with address0_mutex (git-fixes).
  • USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
  • USB: quirks: add a Realtek card reader (git-fixes).
  • USB: quirks: add STRING quirk for VCOM device (git-fixes).
  • USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
  • USB: serial: option: add Fibocom L610 modem (git-fixes).
  • USB: serial: option: add Fibocom MA510 modem (git-fixes).
  • USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
  • USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
  • USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
  • USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
  • USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
  • veth: Ensure eth header is in skb's linear part (git-fixes).
  • video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
  • video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
  • vxlan: fix memleak of fdb (git-fixes).
  • xhci: stop polling roothubs after shutdown (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2080=1

Package List:

  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • kernel-devel-azure-4.12.14-16.100.1
    • kernel-source-azure-4.12.14-16.100.1
  • SUSE Linux Enterprise Server 12-SP5 (x86_64):
    • kernel-azure-4.12.14-16.100.2
    • kernel-azure-base-4.12.14-16.100.2
    • kernel-azure-base-debuginfo-4.12.14-16.100.2
    • kernel-azure-debuginfo-4.12.14-16.100.2
    • kernel-azure-debugsource-4.12.14-16.100.2
    • kernel-azure-devel-4.12.14-16.100.2
    • kernel-syms-azure-4.12.14-16.100.1

References: